CVE-2023-40711

7.5 HIGH

📋 TL;DR

This vulnerability in Veilid allows remote attackers to send specially crafted packets that cause excessive memory consumption during decompression, leading to denial of service through application crashes. Any system running vulnerable Veilid versions is affected, particularly those exposed to untrusted networks.

💻 Affected Systems

Products:
  • Veilid
Versions: All versions before 0.1.9
Operating Systems: All platforms running Veilid
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of Veilid before version 0.1.9 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption through repeated crashes, potentially leading to extended downtime and resource exhaustion on the host system.

🟠 Likely Case: Intermittent service interruptions and instability as attackers trigger memory exhaustion crashes.

🟢 If Mitigated: Minimal impact with proper network segmentation and updated software.

🌐 Internet-Facing: HIGH - Remote unauthenticated attackers can exploit this vulnerability without any credentials.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this, but requires network access to Veilid services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Actively exploited in the wild since August 2023. Attack requires sending crafted packets to vulnerable Veilid instances.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.9 and later

Vendor Advisory: https://gitlab.com/veilid/veilid/-/blob/main/CHANGELOG.md

Restart Required: Yes

Instructions:

1. Stop the Veilid service.
2. Update to version 0.1.9 or later using your package manager or from source.
3. Restart the Veilid service.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict network access to Veilid services to trusted sources only.

Rate Limiting (applies to: all)

Implement network rate limiting to reduce the impact of DoS attempts.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor system memory usage and restart services if abnormal consumption detected

🔍 How to Verify

Check if Vulnerable:

Check the Veilid version; if it is lower than 0.1.9, the system is vulnerable.

Check Version:

Run veilid --version, or check the package manager for the installed version.

Verify Fix Applied:

Confirm that the Veilid version is 0.1.9 or higher after the update.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with out-of-memory errors
  • Abnormal termination of Veilid processes
  • High memory consumption spikes

Network Indicators:

  • Unusual packet patterns to Veilid ports
  • High volume of small packets triggering decompression

SIEM Query:

source="veilid" AND ("out of memory" OR "abort" OR "crash")
