How severe is CVE-2023-41185?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2023-41185?

This is classified as CWE-190, which is a common weakness in software security.

CVE-2023-41185 - HIGH Severity | CVSS 8.6

Vulnerability Description

Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20353.

Related Vulnerabilities

CVE-2016-1951

HIGH

CVSS:8.6(High)

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified othe...

CWE-1902016

CVE-2016-5094

HIGH

CVSS:8.6(High)

Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified...

CWE-1902016

CVE-2016-5095

HIGH

CVSS:8.6(High)

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have u...

CWE-1902016

CVE-2016-5096

HIGH

CVSS:8.6(High)

Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impac...

CWE-1902016

CVE-2016-6250

HIGH

CVSS:8.6(High)

Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying fi...

CWE-1902016

CVE-2020-10878

HIGH

CVSS:8.6(High)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of ins...

CWE-1902020