CVE-2023-50923 (GCVE-0-2023-50923)

Vulnerability from cvelistv5 – Published: 2024-02-20 00:00 – Updated: 2024-12-04 21:02 Disputed
VLAI?
Summary
In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK." paper says "Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic."
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:23:44.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rfc-editor.org/rfc/rfc9000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ieeexplore.ieee.org/document/10427406"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arrow.tudublin.ie/nsdcon/2/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-50923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T20:16:01.121510Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T21:02:20.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The \"Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK.\" paper says \"Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-20T23:17:09.160Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.rfc-editor.org/rfc/rfc9000.html"
        },
        {
          "url": "https://ieeexplore.ieee.org/document/10427406"
        },
        {
          "url": "https://arrow.tudublin.ie/nsdcon/2/"
        }
      ],
      "tags": [
        "disputed"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-50923",
    "datePublished": "2024-02-20T00:00:00.000Z",
    "dateReserved": "2023-12-15T00:00:00.000Z",
    "dateUpdated": "2024-12-04T21:02:20.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-50923",
      "date": "2026-04-25",
      "epss": "0.00055",
      "percentile": "0.173"
    },
    "fkie_nvd": {
      "cveTags": "[{\"sourceIdentifier\": \"cve@mitre.org\", \"tags\": [\"disputed\"]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The \\\"Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK.\\\" paper says \\\"Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic.\\\"\"}, {\"lang\": \"es\", \"value\": \"En QUIC en RFC 9000, la especificaci\\u00f3n Latency Spin Bit (secci\\u00f3n 17.4) no restringe estrictamente el valor del bit cuando la caracter\\u00edstica est\\u00e1 deshabilitada, lo que podr\\u00eda permitir a atacantes remotos construir un canal encubierto con datos representados como cambios en el valor del bit. NOTA: \\\"Sheridan, S., Keane, A. (2015). En Actas de la 14\\u00aa Conferencia Europea sobre Guerra Cibern\\u00e9tica y Seguridad (ECCWS), Universidad de Hertfordshire, Hatfield, Reino Unido\\\". El art\\u00edculo dice: \\\"Los protocolos de comunicaci\\u00f3n de Internet modernos proporcionan un n\\u00famero casi infinito de formas en las que los datos pueden ocultarse o incrustarse en el tr\\u00e1fico de red aparentemente normal\\\".\"}]",
      "id": "CVE-2023-50923",
      "lastModified": "2024-12-04T21:15:19.777",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2024-02-21T00:15:07.597",
      "references": "[{\"url\": \"https://arrow.tudublin.ie/nsdcon/2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://ieeexplore.ieee.org/document/10427406\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.rfc-editor.org/rfc/rfc9000.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://arrow.tudublin.ie/nsdcon/2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://ieeexplore.ieee.org/document/10427406\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.rfc-editor.org/rfc/rfc9000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-50923\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-02-21T00:15:07.597\",\"lastModified\":\"2024-12-04T21:15:19.777\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The \\\"Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK.\\\" paper says \\\"Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic.\\\"\"},{\"lang\":\"es\",\"value\":\"En QUIC en RFC 9000, la especificaci\u00f3n Latency Spin Bit (secci\u00f3n 17.4) no restringe estrictamente el valor del bit cuando la caracter\u00edstica est\u00e1 deshabilitada, lo que podr\u00eda permitir a atacantes remotos construir un canal encubierto con datos representados como cambios en el valor del bit. NOTA: \\\"Sheridan, S., Keane, A. (2015). En Actas de la 14\u00aa Conferencia Europea sobre Guerra Cibern\u00e9tica y Seguridad (ECCWS), Universidad de Hertfordshire, Hatfield, Reino Unido\\\". El art\u00edculo dice: \\\"Los protocolos de comunicaci\u00f3n de Internet modernos proporcionan un n\u00famero casi infinito de formas en las que los datos pueden ocultarse o incrustarse en el tr\u00e1fico de red aparentemente normal\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"references\":[{\"url\":\"https://arrow.tudublin.ie/nsdcon/2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://ieeexplore.ieee.org/document/10427406\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.rfc-editor.org/rfc/rfc9000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://arrow.tudublin.ie/nsdcon/2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ieeexplore.ieee.org/document/10427406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.rfc-editor.org/rfc/rfc9000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.rfc-editor.org/rfc/rfc9000.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ieeexplore.ieee.org/document/10427406\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://arrow.tudublin.ie/nsdcon/2/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:23:44.007Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-50923\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-15T20:16:01.121510Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352 Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-15T20:16:52.847Z\"}}], \"cna\": {\"tags\": [\"disputed\"], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.rfc-editor.org/rfc/rfc9000.html\"}, {\"url\": \"https://ieeexplore.ieee.org/document/10427406\"}, {\"url\": \"https://arrow.tudublin.ie/nsdcon/2/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The \\\"Sheridan, S., Keane, A. (2015). In Proceedings of the 14th European Conference on Cyber Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK.\\\" paper says \\\"Modern Internet communication protocols provide an almost infinite number of ways in which data can be hidden or embed whithin seemingly normal network traffic.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-02-20T23:17:09.160101\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-50923\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-04T21:02:20.418Z\", \"dateReserved\": \"2023-12-15T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-02-20T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.