CVE-2023-4389

Risk Scores

Affected Products

Exploit Intelligence

• Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
• Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
• Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
• Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
• Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
• Simplified Version of Cryptography Attack based on Birthday Paradox: Sweet32 (CVE-2016-2183) (github-poc)
• A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE project by @Sn0wAlice (github-poc)
• A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE project by @Sn0wAlice (github-poc)
• A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE project by @Sn0wAlice (github-poc)
• A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE project by @Sn0wAlice (github-poc)

…and 345 more exploits

Timeline

• Jun 28, 2021 PoC Published
• Dec 11, 2021 PoC Published
• Dec 13, 2021 PoC Published
• Jun 7, 2022 PoC Published
• Sep 16, 2022 PoC Published
• Jun 9, 2023 PoC Published
• Jul 15, 2023 PoC Published
• Aug 16, 2023 CVE Published
• Aug 18, 2023 EPSS Score
• Sep 20, 2023 EPSS Score
• Oct 24, 2023 EPSS Score
• Nov 4, 2023 PoC Published

References

• https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2074.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2074 advisory
• https://bugzilla.redhat.com/show_bug.cgi?id=2219270 advisory
• https://bugzilla.redhat.com/show_bug.cgi?id=2219271 advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016151.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016152.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016153.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016181.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016211.html advisory
• https://ubuntu.com/security/notices/USN-6388-1 advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016212.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016222.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016214.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016208.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016213.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016234.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016233.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016283.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016285.html advisory
• https://lists.suse.com/pipermail/sle-security-updates/2023-September/016284.html advisory

…and 17 more