Description
An issue discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs.
A flaw was found in the print_panic function in repo_checkout_filter.rs in ostree. By sending a specially crafted request, a remote attacker could cause a denial of service.
Report
This flaw is triggered by handling malicious input (via the print_panic function), causing a denial of service; the overall impact is considered minimal. The ostree versions distributed with Red Hat Enterprise Linux 8 and 9 are not vulnerable to this flaw: further analysis showed that both Red Hat Enterprise Linux releases were already shipping ostree 2022.7, which already contained the changes that eliminate this vulnerability from the code base. Additionally, the vulnerable code path is not exposed to any attacker-controlled input, closing the attack surface involved in this CVE.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | ostree | Out of support scope | | |
| Red Hat Enterprise Linux 8 | ostree | Not affected | | |
| Red Hat Enterprise Linux 9 | ostree | Not affected | | |
| Red Hat OpenShift Container Platform 4 | ostree | Affected | | |
Additional information
Status:
7.5 High
CVSS3