Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-2253

Опубликовано: 09 мая 2023
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

A flaw was found in the /v2/_catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: n). This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Developer Tools and ServiceshelmAffected
Red Hat OpenShift Container Platform 4openshift4/ose-consoleWill not fix
Red Hat OpenShift Container Platform 4openshift4/ose-openshift-apiserver-rhel9Affected
OADP-1.1-RHEL-8oadp/oadp-velero-plugin-rhel8FixedRHSA-2023:531420.09.2023
Red Hat OpenShift Container Platform 4.11openshift4/ose-docker-registryFixedRHSA-2023:569718.10.2023
Red Hat OpenShift Container Platform 4.12openshift4/ose-docker-registryFixedRHSA-2023:539004.10.2023
Red Hat OpenShift Container Platform 4.13openshift4/ose-docker-registryFixedRHSA-2023:515519.09.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-475->CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2189886distribution/distribution: DoS from malicious API request

EPSS

Процентиль: 26%
0.00093
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-2253

CVSS3: 6.5
ubuntu
больше 2 лет назад

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.

nvd логотип

CVE-2023-2253

CVSS3: 6.5
nvd
больше 2 лет назад

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.

msrc логотип

CVE-2023-2253

CVSS3: 6.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-2253

CVSS3: 6.5
debian
больше 2 лет назад

A flaw was found in the `/v2/_catalog` endpoint in distribution/distri ...

suse-cvrf логотип

SUSE-SU-2023:2298-1

suse-cvrf
больше 2 лет назад

Security update for distribution

EPSS

Процентиль: 26%
0.00093
Низкий

6.5 Medium

CVSS3