CVE-2023-2968

7.5 HIGH

📋 TL;DR

This vulnerability allows a remote attacker to cause a denial of service by sending a crafted HTTP request that triggers a TypeError exception when accessing an undefined socket.remoteAddress variable. It affects systems running vulnerable proxy software that improperly handles this variable. The impact is service disruption without requiring authentication.

💻 Affected Systems

Products:
  • JFrog Xray (proxy component)
Versions: Specific versions not detailed in references; check JFrog advisory for exact range
Operating Systems: All platforms running vulnerable JFrog Xray
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the proxy component within JFrog Xray when handling HTTP requests.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service outage for affected proxy services, potentially cascading to dependent applications.

🟠 Likely Case: Temporary service disruption until the process restarts, with potential for repeated attacks.

🟢 If Mitigated: Minimal impact with proper network segmentation and request filtering in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted HTTP requests but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check JFrog security advisory for specific patched versions

Vendor Advisory: https://research.jfrog.com/vulnerabilities/undefined-variable-usage-in-proxy-leads-to-remote-denial-of-service-xray-520917

Restart Required: Yes

Instructions:

  1. Check the JFrog advisory for the patched version.
  2. Update JFrog Xray to the patched version.
  3. Restart the Xray service.

🔧 Temporary Workarounds

Network Filtering: Block or filter suspicious HTTP requests at the network perimeter or WAF.

Access Restriction: Restrict network access to the JFrog Xray proxy to trusted sources only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate JFrog Xray from untrusted networks.
  • Deploy a web application firewall (WAF) with rules to detect and block crafted HTTP requests.

🔍 How to Verify

Check if Vulnerable:

Check the JFrog Xray version against the advisory; monitor logs for TypeError exceptions that reference socket.remoteAddress.

Check Version:

Consult the JFrog Xray documentation for how to read the installed version (typically via the web interface or configuration files).

Verify Fix Applied:

Confirm that JFrog Xray is updated to the patched version and that no TypeError exceptions occur when testing with normal traffic.

📡 Detection & Monitoring

Log Indicators:

  • TypeError exceptions mentioning socket.remoteAddress
  • Unusual HTTP request patterns

Network Indicators:

  • Crafted HTTP requests to proxy endpoints
  • Increased error responses

SIEM Query:

source="jfrog-xray" AND ("TypeError" OR "socket.remoteAddress")
