CVE-2023-20897

Source
https://cve.org/CVERecord?id=CVE-2023-20897
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20897.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-20897
Aliases
Downstream
Related
Published
2023-09-05T10:56:33.183Z
Modified
2026-07-08T06:23:22.097532440Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/20xxx/CVE-2023-20897.json",
    "cna_assigner": "vmware",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "Salt masters prior to 3005.2 or 3006.2"
                },
                {
                    "last_affected": "Salt masters prior to 3005.2 or 3006.2"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3005.2"
        },
        {
            "introduced": "3006.0"
        },
        {
            "fixed": "3006.2"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16
v0.17
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.9
v2014.*
v2014.1
v2014.7
v2015.*
v2015.2
v2015.5
v2015.8
v2016.*
v2016.11
v2016.3
v2016.9
v2017.*
v2017.5
v2017.7
v2018.*
v2018.11
v2018.2
v2018.3
v2019.*
v2019.2
v2019.2.1
v2019.2.1rc1
Other
v3000
v3000_docs
v3001
v3001rc1
v3002
v3002rc1
v3003rc1
v3005
v3005rc1
v3005rc2
v3000.*
v3000.0rc1
v3000.0rc2
v3000.1
v3001.*
v3001.1
v3002.*
v3002.2
v3005.*
v3005.1
v3005.1-2
v3005.1-3
v3005.1-4
v3006.*
v3006.0
v3006.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20897.json"