CVE-2023-38322: 
Linux Debian vulnerability analysis and mitigation

An issue was discovered in OpenNDS Captive Portal before version 10.1.2 that involves a NULL pointer dereference vulnerability. The vulnerability can be triggered with a crafted GET HTTP request missing the User-Agent HTTP header, which results in crashing OpenNDS (a Denial-of-Service condition). This issue specifically occurs when the client is about to be authenticated and can only be triggered when the BinAuth option is set (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 Base Score of 7.5 (HIGH). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (NVD).

When successfully exploited, this vulnerability results in a denial-of-service condition by causing OpenNDS to crash. This affects the availability of the Captive Portal service, potentially disrupting network access control and authentication mechanisms (NVD).

The vulnerability has been fixed in OpenNDS version 10.1.2. The fix addresses the NULL pointer dereference issue when the user_agent is NULL. Users are advised to upgrade to version 10.1.2 or later. The fix has been incorporated into OpenWrt master, OpenWrt 23.05, and OpenWrt 22.03 by updating OpenNDS to version 10.1.3 (GitHub Release, OpenWrt Commit).