216.73.217.24

CVE-2024-1930

· Published 08/05/2024 02:15 · Modified 08/05/2024 13:15

Labels: CVE-2024-1930 2024-05-08CVE-2024-1930CWE-400[email protected]

Essential information

Published
08/05/2024 02:15
Modified
08/05/2024 13:15
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS metrics

Description

No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References