OpenSSL DTLS IE Fragment DoS Vulnerability (Transient)
CVE-2023-33084 Published on March 4, 2024

Improper Release of Memory Before Removing Last Reference in Data Modem
Transient DOS while processing IE fragments from server during DTLS handshake.

NVD

Vulnerability Analysis

CVE-2023-33084 is exploitable with network access and requires neither privileges nor user interaction. Its attack complexity is considered low. A successful exploit is considered to have no impact on confidentiality or integrity, and a high impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Weakness Type

What is a Memory Leak Vulnerability?

The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.

CVE-2023-33084 has been classified as a Memory Leak vulnerability or weakness.



Affected Versions

Qualcomm, Inc. Snapdragon:
qualcomm ar8035_firmware:
qualcomm fastconnect_6700_firmware:
qualcomm fastconnect_6900_firmware:
qualcomm fastconnect_7800_firmware:
qualcomm qca6584au_firmware:
qualcomm qca6698aq_firmware:
qualcomm qca8081_firmware:
qualcomm qca8337_firmware:
qualcomm qcc710_firmware:
qualcomm qcm4490_firmware:
qualcomm qcm8550_firmware:
qualcomm qcn6024_firmware:
qualcomm qcn6224_firmware:
qualcomm qcn6274_firmware:
qualcomm qcn9024_firmware:
qualcomm qcs4490_firmware:
qualcomm qfw7114_firmware:
qualcomm qfw7124_firmware:
qualcomm sm8550p_firmware:
qualcomm snapdragon_4_gen_2_mobile_platform_firmware:
qualcomm snapdragon_8_gen_2_mobile_platform_firmware:
qualcomm snapdragon_8_gen_3_mobile_platform_firmware:
qualcomm snapdragon_auto_5g_modem-rf_gen_2_firmware:
qualcomm snapdragon_x65_5g_modem-rf_system_firmware:
qualcomm snapdragon_x75_5g_modem-rf_system_firmware:
qualcomm wcd9340_firmware:
qualcomm wcd9370_firmware:
qualcomm wcd9380_firmware:
qualcomm wcd9385_firmware:
qualcomm wcd9390_firmware:
qualcomm wcd9395_firmware:
qualcomm wcn3950_firmware:
qualcomm wcn3988_firmware:
qualcomm wsa8810_firmware:
qualcomm wsa8815_firmware:
qualcomm wsa8830_firmware:
qualcomm wsa8832_firmware:
qualcomm wsa8835_firmware:
qualcomm wsa8840_firmware:
qualcomm wsa8845_firmware:
qualcomm wsa8845h_firmware:

Exploit Probability

EPSS: 0.14%
Percentile: 34.44%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.