CVE-2019-18904

Published: Apr 3, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.

Affected (3)

Products: Opensuse: Rmt Server

Opensuse

1 product

Rmt Server

Configuration A

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Opensuse Rmt Server	Up to 2.5.2-3.26.1

Running on/with	Platform Versions
Suse Linux Enterprise High Performance Computing	Version 15.0
Suse Linux Enterprise High Performance Computing	Version 15.0
Suse Linux Enterprise Server	Version 15
Suse Linux Enterprise Server	Version 15
Suse Linux Enterprise Server	Version 15

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Opensuse Rmt Server	Up to 2.5.2-3.9.1

Running on/with	Platform Versions
Suse Linux Enterprise	Version 15.0 sp1
Suse Linux Enterprise Server	Version 15 sp1

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensuse Rmt Server	Up to 2.5.2-lp151.2.9.1

Running on/with	Platform Versions
Opensuse Leap	Version 15.1

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://bugzilla.suse.com/show_bug.cgi?id=1160922

Source: meissner@suse.de

ExploitIssue TrackingVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1160922

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.