CVE-2023-20897

Published: Sep 5, 2023Modified: Feb 13, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

Affected (2)

Products: Saltstack: Salt

Saltstack

1 product

Salt

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Saltstack Salt	Before 3005.2
Saltstack Salt	From 3006.0 to 3006.2

Related CWEs

CWE-404

Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

References (4)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/

Source: security@vmware.com

https://saltproject.io/security-announcements/2023-08-10-advisory/

Source: security@vmware.com

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMWJIHQZXHK6FH2E3IWAZCYIRI7FLVOL/

Source: af854a3a-2127-422b-91ae-364da2661108

https://saltproject.io/security-announcements/2023-08-10-advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.