CVE-2023-4163 - Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS

Brocade Directors

3 more products

22514

17 April 2024

29 August 2023

CLOSED

MEDIUM

4.4 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2023-4163

Brocade Security Advisory ID

BSA-2023-2368

Component

CLI

 

 

Summary

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.

 

Products Affected

Note: All Brocade Fabric OS versions are affected.

Solution

The security update is provided in Brocade Fabric OS v9.2.0a, v9.1.1d

Credit

The issue was discovered during internal penetration testing.

 Revision History

Version

Change

Date

1.0

Initial Publication

August 29, 2023

2.0

update for Fabric OS v9.1.1d and changed Affects

April 11, 2024

 

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.