CVE-2023-20897

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type

GIT

Repo

https://github.com/saltstack/salt

Events

Introduced

Fixed

c71ff9204ab5ae90b21b68cf3447be472a8db8f2

Introduced

86bb64dde27281d545ef46e1a42471a90c494197

Fixed

8f750fa7ae115c48c16ca03ef3f16e4ba76f921c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3005.2"
        },
        {
            "introduced": "3006.0"
        },
        {
            "fixed": "3006.2"
        }
    ]
}

Affected versions

v0.*

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16

v0.17

v0.6.0

v0.7.0

v0.8.0

v0.8.7

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.9

v2014.*

v2014.1

v2014.7

v2015.*

v2015.2

v2015.5

v2015.8

v2016.*

v2016.11

v2016.3

v2016.9

v2017.*

v2017.5

v2017.7

v2018.*

v2018.11

v2018.2

v2018.3

v2019.*

v2019.2

v2019.2.1

v2019.2.1rc1

Other

v3000

v3000_docs

v3001

v3001rc1

v3002

v3002rc1

v3003rc1

v3005

v3005rc1

v3005rc2

v3000.*

v3000.0rc1

v3000.0rc2

v3000.1

v3001.*

v3001.1

v3002.*

v3002.2

v3005.*

v3005.1

v3005.1-2

v3005.1-3

v3005.1-4

v3006.*

v3006.0

v3006.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20897.json"