CVE-2023-20897

CWE-404 | 5 documents | 4 sources
Severity: 5.3 MEDIUM
EPSS: 0.1% (top 70.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 5

Description

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

PyPI | salt | 3006.0rc1 | 3006.2 | +2
NVD | saltstack/salt | 3006.0 | 3006.2 | +1
CVEListV5 | salt | Salt masters prior to 3005.2 or 3006.2

🔴 Vulnerability Details (4)

OSV | Salt vulnerable to denial of service | 2023-09-05
GHSA | Salt vulnerable to denial of service | 2023-09-05
CVEList | CVE-2023-20897: Salt masters prior to 3005 | 2023-09-05
OSV | CVE-2023-20897: Salt masters prior to 3005 | 2023-09-05