GHSA-pg75-v6fp-8q59
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pg75-v6fp-8q59
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-pg75-v6fp-8q59/GHSA-pg75-v6fp-8q59.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pg75-v6fp-8q59
- Aliases
- Published
- 2023-08-01T20:16:29Z
- Modified
- 2025-02-14T05:29:18.368131Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Keylime's registrar vulnerable to Denial-of-service attack via a single open connection
- Details
-
Impact
Keylime
registraris prone to a simple denial of service attack in which an adversary opens a connection to the TLS port (by default, port8891) blocking further, legitimate connections. As long as the connection is open, theregistraris blocked and cannot serve any further clients (agentsandtenants), which prevents normal operation. The problem does not affect theverifier.Patches
Users should upgrade to release 7.4.0
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2023-08-01T20:16:29Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-834" ] }- References
-
- https://github.com/keylime/keylime/security/advisories/GHSA-pg75-v6fp-8q59
- https://nvd.nist.gov/vuln/detail/CVE-2023-38200
- https://github.com/keylime/keylime/pull/1421
- https://github.com/keylime/keylime/commit/c68d8f0b7ea549c12b6956ab0f3c28ae0360ae17
- https://access.redhat.com/security/cve/CVE-2023-38200
- https://bugzilla.redhat.com/show_bug.cgi?id=2222692
- https://github.com/keylime/keylime
- https://github.com/keylime/keylime/releases/tag/v7.4.0
Affected packages
PyPI / keylime
Package
- Name
- keylime
- View open source insights on deps.dev
- Purl
- pkg:pypi/keylime
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.4.0