CVE-2023-31475
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
11/05/2023
Last modified:
27/01/2025
Description
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:gl-inet:gl-s20_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-s20:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-x3000_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-x3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt3000_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-mt3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt2500_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-mt2500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-mt2500a_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-mt2500a:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-axt1800_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-a1300_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) | |
| cpe:2.3:h:gl-inet:gl-a1300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:* | 3.216 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md
- https://justinapplegate.me/2023/glinet-CVE-2023-31475/
- https://www.gl-inet.com
- https://github.com/gl-inet/CVE-issues/blob/main/3.215/Buffer_Overflow.md
- https://justinapplegate.me/2023/glinet-CVE-2023-31475/
- https://www.gl-inet.com