CVE-2018-1269

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1269

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1269.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1269

Published

2018-06-06T20:29:00Z

Modified

2025-01-14T07:22:29.338126Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.

References

https://www.cloudfoundry.org/blog/cve-2018-1269

Affected packages

Git / github.com/cloudfoundry/loggregator-release

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/loggregator-release
Events: Introduced

c028548a7e1525e5ea7e0f99f3889e7d13a6332c

Fixed

0a7879104ee30a9d333954266e42933c0b209b8d

Affected versions

Other

v89

v89.*

v89.2

v89.3

v89.4