CVE-2019-16770

Published: 05 Dec 2019
Source: debian
EPSS: Low

Description

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.

Packages

Package   Status   Fixed version      Release   Type
puma      fixed    3.12.0-4                     package
puma      fixed    3.12.0-2+deb10u1   buster    package

Notes

  • https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994

  • https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e

  • This is an incomplete fix. When fixing this issue make sure to also apply the fix for CVE-2021-29509 to not open that CVE.

EPSS

Percentile: 81%
0.01587
Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 6 years ago

CVSS3: 7.5
redhat
about 6 years ago

CVSS3: 5.3
nvd
about 6 years ago

CVSS3: 5.3
github
about 6 years ago

A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack

suse-cvrf
about 5 years ago

Security update for rmt-server
