CVE-2019-3833

Published: Mar 14, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

Affected (6)

Products: Openwsman Project: Openwsman · Fedoraproject: Fedora · Opensuse: Leap

Openwsman Project

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openwsman Project Openwsman	Up to 2.6.9

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 28
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 42.3

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (16)

http://bugzilla.suse.com/show_bug.cgi?id=1122623

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107367

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3833

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/

Source: secalert@redhat.com

http://bugzilla.suse.com/show_bug.cgi?id=1122623

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107367

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3833

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.