Vulnerability DatabaseCVE-2023-28753

CVE-2023-28753:
Linux Fedora vulnerability analysis and mitigation

Overview

netconsd prior to version 0.2 was discovered to contain an integer overflow vulnerability in its parse_packet function. The vulnerability was assigned CVE-2023-28753 and was disclosed on May 18, 2023. The affected software is Facebook's netconsd, a network monitoring daemon (NVD, CVE).

Technical details

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 base score of 9.8 (CRITICAL), indicating the highest severity level. The vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which suggests that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

Impact

A successful exploitation of this vulnerability could allow an attacker to create heap memory corruption with attacker-controlled data. Given the CVSS score and vector, this could lead to complete compromise of the affected system's confidentiality, integrity, and availability (NVD).

Mitigation and workarounds

The vulnerability has been patched in netconsd version 0.2. Users are advised to upgrade to this version or later. The fix ensures that fragment offset values are properly validated to be less than the total length of all fragments to be received (Github Patch).

Additional resources

Source: This report was generated using AI

Related Linux Fedora vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66287	HIGH	8.8	Linux Debian	javascriptcoregtk6.0-devel-debuginfo	No	Yes	Dec 04, 2025
CVE-2025-12744	HIGH	8.8	Linux Fedora	python3-abrt-doc	No	Yes	Dec 03, 2025
CVE-2025-13601	HIGH	7.7	CBL Mariner	glib2-debuginfo	No	Yes	Nov 26, 2025
CVE-2025-13947	HIGH	7.4	Linux Debian	webkitgtk3-doc	No	Yes	Dec 03, 2025
CVE-2025-63938	MEDIUM	6.5	Linux Debian	tinyproxy	No	Yes	Nov 26, 2025