{"id":"CVE-2023-41101","details":"An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution). Affected OpenNDS versions before 10.1.3 were fixed in OpenWrt master and OpenWrt 23.05 on 23 November by updating OpenNDS to version 10.2.0.","modified":"2026-04-12T02:37:03.774989Z","published":"2023-11-17T06:15:34.137Z","references":[{"type":"WEB","url":"https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs"},{"type":"ADVISORY","url":"https://github.com/openNDS/openNDS/releases/tag/v10.1.3"},{"type":"FIX","url":"https://github.com/openNDS/openNDS/commit/c294cf30e0a2512062c66e6becb674557b4aed8d"},{"type":"FIX","url":"https://github.com/openwrt/routing/commit/88c98c910acccab694b3afb6d36d70ca429118a6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opennds/opennds","events":[{"introduced":"0d9f800011d3904766d52075ac585b40e8da5fe6"},{"fixed":"69dde77927b252e2a4347170504a785ac5d50c33"},{"fixed":"c294cf30e0a2512062c66e6becb674557b4aed8d"}],"database_specific":{"versions":[{"introduced":"9.0.0"},{"fixed":"10.1.3"}]}},{"type":"GIT","repo":"https://github.com/openwrt/routing","events":[{"introduced":"0"},{"fixed":"88c98c910acccab694b3afb6d36d70ca429118a6"}]}],"versions":["v10.1.0","v10.1.1","v10.1.2","v9.0.0","v9.1.0","v9.1.1","v9.10.0","v9.2.0","v9.3.0","v9.4.0","v9.5.0","v9.5.1","v9.6.0","v9.7.0","v9.8.0","v9.9.0","v9.9.1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":[]},"id":"CVE-2023-41101-032f9552","deprecated":false,"target":{"file":"src/http_microhttpd.c"},"source":"https://github.com/opennds/opennds/commit/c294cf30e0a2512062c66e6becb674557b4aed8d"},{"signature_version":"v1","signature_type":"Function","digest":{"length":1841,"function_hash":"35111702830973012233494361621688516701"},"id":"CVE-2023-41101-5a5190fd","deprecated":false,"target":{"function":"show_preauthpage","file":"src/http_microhttpd.c"},"source":"https://github.com/opennds/opennds/commit/c294cf30e0a2512062c66e6becb674557b4aed8d"},{"signature_version":"v1","signature_type":"Function","digest":{"length":1670,"function_hash":"259136661424027336584912831600383883037"},"id":"CVE-2023-41101-f9bfacc3","deprecated":false,"target":{"function":"get_query","file":"src/http_microhttpd.c"},"source":"https://github.com/opennds/opennds/commit/c294cf30e0a2512062c66e6becb674557b4aed8d"}],"vanir_signatures_modified":"2026-04-12T02:37:03Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41101.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}