CVE-2023-41101 Information

Description

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution).

Reference

https://github.com/openNDS/openNDS/releases/tag/v10.1.3 https://github.com/openNDS/openNDS/commit/c294cf30e0a2512062c66e6becb674557b4aed8d