CVE-2023-38200

A flaw was found in Keylime. Due to the blocking nature of its SSL connections, the Keylime registrar is subject to a remote denial of service. This flaw allows an attacker to exhaust all available connections.

Configurations

Configuration 1

cpe:2.3:a:keylime:keylime:-:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

History

16 Sep 2024, 13:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}

28 Dec 2023, 15:40

Type Values Removed Values Added
First Time Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux Eus
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Ibm Z Systems
CPE cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
References (MISC) https://access.redhat.com/errata/RHSA-2023:5080 - (MISC) https://access.redhat.com/errata/RHSA-2023:5080 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS/ - Mailing List

12 Nov 2023, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS/ -

12 Sep 2023, 16:15

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2023:5080 -

01 Aug 2023, 20:27

Type Values Removed Values Added
References (MISC) https://github.com/keylime/keylime/pull/1421 - (MISC) https://github.com/keylime/keylime/pull/1421 - Patch
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222692 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2222692 - Issue Tracking, Third Party Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-38200 - (MISC) https://access.redhat.com/security/cve/CVE-2023-38200 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-834
First Time Keylime keylime
Fedoraproject
Keylime
Redhat
Fedoraproject fedora
Redhat enterprise Linux
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:keylime:keylime:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*

24 Jul 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-24 16:15

Updated : 2024-09-16 13:15


NVD link : CVE-2023-38200

Mitre link : CVE-2023-38200

CVE.ORG link : CVE-2023-38200


Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_server_aus
  • enterprise_linux_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_power_little_endian

keylime

  • keylime

fedoraproject

  • fedora

CWE

CWE-834

Excessive Iteration

CWE-400

Uncontrolled Resource Consumption