#VU18314 Infinite loop in OpenWSMAN - CVE-2019-3833
Published: April 18, 2019
Vulnerability identifier: #VU18314
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-3833
CWE-ID: CWE-835
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
OpenWSMAN
OpenWSMAN
Software vendor:
Openwsman
Openwsman
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the process_connection() function when processing HTTP requests. A remote attacker can send a specially crafted HTTP request to the affected server and consume all available system resources and cause denial of service conditions.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
External links
- http://bugzilla.suse.com/show_bug.cgi?id=1122623
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html
- http://www.securityfocus.com/bid/107367
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3833
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/