How severe is CVE-2023-45286?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-45286?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2023-45286

MEDIUM Year: 2023

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.

CVE-2007-4774

MEDIUM

CVSS:5.9(Medium)

The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.

CWE-3622007

CVE-2010-0021

MEDIUM

CVSS:5.9(Medium)

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to c...

CWE-3622010

CVE-2012-3552

MEDIUM

CVSS:5.9(Medium)

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application...

CWE-3622012

CVE-2014-0245

MEDIUM

CVSS:5.9(Medium)

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SO...

CWE-3622014

CVE-2015-6569

MEDIUM

CVSS:5.9(Medium)

Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state...

CWE-3622015

CVE-2016-10027

MEDIUM

CVSS:5.9(Medium)

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of clear...

CWE-3622016

CVE-2023-45286

Vulnerability Description

Related Vulnerabilities

CVE-2007-4774

CVE-2010-0021

CVE-2012-3552

CVE-2014-0245

CVE-2015-6569

CVE-2016-10027