GCVE - cpe:2.3:o:openbsd:openbsd:7.3:errata

Approved changes feed: RSS · Atom

cpe:2.3:o:openbsd:openbsd:7.3:errata_011:*:*:*:*:*:*

part: o version: 7.3 update: errata_011

Vendor	Openbsd (`932cdfc2-94b9-5fb6-8ef3-d0b271f414b5`)
Product	Openbsd (`53340739-b0b7-5bcf-88ee-45d5aaf96683`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/openbsd/src`	purl2cpe	2026-06-01 10:17:38.225488
`pkg:openbsd/openbsd`	purl2cpe	2026-06-01 10:17:38.225489

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-11148`	vulnerable	2026-06-08 06:23:48.936086	OpenBSD httpd(8) null dereference HIGH (7.5) In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. Published: 2024-12-05T19:50:19.954Z Updated: 2024-12-06T18:58:45.147Z Open on db.gcve.eu Reference links https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/006_httpd.patch.sig https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/020_httpd.patch.sig	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-52558`	vulnerable	2026-06-08 06:17:55.333139	OpenBSD 7.4 and 7.3 m_split() network buffer kernel crash In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences. Published: 2024-03-01T16:33:06.604Z Updated: 2024-11-19T21:42:52.858Z Open on db.gcve.eu Reference links https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/002_msplit.patch.sig https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/019_msplit.patch.sig https://github.com/openbsd/src/commit/7b4d35e0a60ba1dd4daf4b1c2932020a22463a89	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-52557`	vulnerable	2026-06-08 06:17:55.329235	OpenBSD 7.3 invalid l2tp message npppd crash In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length. Published: 2024-03-01T16:14:56.065Z Updated: 2024-08-02T23:03:20.647Z Open on db.gcve.eu Reference links https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/016_npppd.patch.sig https://github.com/openbsd/src/commit/abf3a29384c582c807a621e7fc6e7c68d0cafe9b	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-40216`	vulnerable	2026-06-08 06:09:41.472816	Details available OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences. Published: 2023-08-10T00:00:00.000Z Updated: 2024-10-09T20:23:52.142Z Open on db.gcve.eu Reference links https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/014_wscons.patch.sig https://github.com/openbsd/src/commit/9d3f688f46eba347e96ff0ae9506ef2061622e0c	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

OpenBSD 7.3 Errata 011

PURL mappings

Vulnerability references

Contribute