CVE-2023-20897
Summary
| CVE | CVE-2023-20897 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-05 11:15:00 UTC |
| Updated | 2023-09-14 03:15:00 UTC |
| Description | Salt masters prior to 3005.2 or 3006.2 contain a DoS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted. |
Risk And Classification
Problem Types: CWE-404
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Saltproject.io - Salt security advisory release - 2023-AUG-10 | MISC | saltproject.io | |
| [SECURITY] Fedora 37 Update: salt-3005.2-1.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 284507 Fedora Security Update for salt (FEDORA-2023-ac1aa963e4)
- 754980 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3866-1)
- 754981 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3865-1)
- 754982 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3864-1)
- 754983 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3863-1)
- 754984 SUSE Enterprise Linux Security Update for salt (SUSE-SU-2023:3862-1)