CVE-2019-3833 — Infinite Loop in Project Openwsman

CWE-835 — Infinite Loop8 documents7 sources

Severity

7.5HIGHNVD

EPSS

3.0%

top 13.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openwsman Project Openwsman Fedoraproject Fedora Opensuse Leap

Timeline

PublishedMar 14

Latest updateMay 13

Description

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDopenwsman_project/openwsman2.6.9

▶NVDopensuse/leap15.0, 42.3+1

Also affects: Fedora 28, 29, 30

🔴Vulnerability Details

GHSA

GHSA-6gg2-jx5v-58c2: Openwsman, versions up to and including 2↗2022-05-13

▶

OSV

CVE-2019-3833: Openwsman, versions up to and including 2↗2019-03-14

▶

CVEList

CVE-2019-3833: Openwsman, versions up to and including 2↗2019-03-14

▶

📋Vendor Advisories

Red Hat

openwsman: Infinite loop in process_connection() allows denial of service↗2019-03-12

▶

Microsoft

Openwsman versions up to and including 2.6.9 are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote unauthenticated attacker can exploit this vu↗2019-03-12

▶

💬Community

Bugzilla

CVE-2019-3833 openwsman: Infinite loop in process_connection() allows denial of service [fedora-all]↗2019-03-12

▶

Bugzilla

CVE-2019-3833 openwsman: Infinite loop in process_connection() allows denial of service↗2019-02-11

▶