CVE-2023-20897

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*

History

14 Sep 2023, 03:15

Type Values Removed Values Added
References
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/ -

07 Sep 2023, 19:40

Type Values Removed Values Added
References (MISC) https://saltproject.io/security-announcements/2023-08-10-advisory/ - (MISC) https://saltproject.io/security-announcements/2023-08-10-advisory/ - Vendor Advisory
CPE cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
First Time Saltstack salt
Saltstack
CWE CWE-404

05 Sep 2023, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-05 11:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-20897

Mitre link : CVE-2023-20897

CVE.ORG link : CVE-2023-20897


JSON object : View

Products Affected

saltstack

  • salt
CWE
CWE-404

Improper Resource Shutdown or Release