How severe is CVE-2023-3603?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-3603?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2023-3603 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.

Related Vulnerabilities

CVE-2011-1802

MEDIUM

CVSS:6.5(Medium)

WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).

CWE-4762011

CVE-2011-2691

MEDIUM

CVSS:6.5(Medium)

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empt...

CWE-4762011

CVE-2015-8272

MEDIUM

CVSS:6.5(Medium)

RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).

CWE-4762015

CVE-2015-8750

MEDIUM

CVSS:6.5(Medium)

libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.

CWE-4762015

CVE-2015-8916

MEDIUM

CVSS:6.5(Medium)

bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NUL...

CWE-4762015

CVE-2016-10505

MEDIUM

CVSS:6.5(Medium)

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in ...

CWE-4762016