Home

CVE-2019-3833

Description

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.72

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwsman1-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwsman1-debuginfo-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwsman_clientpp1-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwsman_clientpp1-debuginfo-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) openwsman-debugsource-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) openwsman-server-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) openwsman-server-debuginfo-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) libwsman1-2.2.3-0.16.8.1.i586.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) libwsman1-2.2.3-0.16.8.1.x86_64.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) openwsman-client-2.2.3-0.16.8.1.i586.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) openwsman-client-2.2.3-0.16.8.1.x86_64.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) openwsman-server-2.2.3-0.16.8.1.i586.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) openwsman-server-2.2.3-0.16.8.1.x86_64.rpmLinux
(RHSA-2020:3940) openwsman security update libwsman-devel-2.6.3-7.git4391e5c.el7.i686.rpmLinux
(RHSA-2020:3940) openwsman security update libwsman-devel-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(RHSA-2020:3940) openwsman security update libwsman1-2.6.3-7.git4391e5c.el7.i686.rpmLinux
(RHSA-2020:3940) openwsman security update libwsman1-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(RHSA-2020:3940) openwsman security update openwsman-client-2.6.3-7.git4391e5c.el7.i686.rpmLinux
(RHSA-2020:3940) openwsman security update openwsman-client-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(RHSA-2020:3940) openwsman security update openwsman-perl-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(RHSA-2020:3940) openwsman security update openwsman-python-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(RHSA-2020:3940) openwsman security update openwsman-ruby-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(RHSA-2020:3940) openwsman security update openwsman-server-2.6.3-7.git4391e5c.el7.i686.rpmLinux
(RHSA-2020:3940) openwsman security update openwsman-server-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(CESA-2020:3940) openwsman security update libwsman-devel-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(CESA-2020:3940) openwsman security update libwsman1-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(CESA-2020:3940) openwsman security update openwsman-client-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(CESA-2020:3940) openwsman security update openwsman-perl-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(CESA-2020:3940) openwsman security update openwsman-python-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(CESA-2020:3940) openwsman security update openwsman-ruby-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(CESA-2020:3940) openwsman security update openwsman-server-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(RHSA-2020:3940)Moderate: security update openwsman-debuginfo-2.6.3-7.git4391e5c.el7.i686.rpmLinux
(RHSA-2020:3940)Moderate: security update openwsman-debuginfo-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
(RHSA-2020:4689)Moderate: security update libwsman1-debuginfo-2.6.5-7.el8.i686.rpmLinux
(RHSA-2020:4689)Moderate: security update libwsman1-debuginfo-2.6.5-7.el8.x86_64.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-client-debuginfo-2.6.5-7.el8.i686.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-client-debuginfo-2.6.5-7.el8.x86_64.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-debuginfo-2.6.5-7.el8.i686.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-debuginfo-2.6.5-7.el8.x86_64.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-perl-debuginfo-2.6.5-7.el8.i686.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-perl-debuginfo-2.6.5-7.el8.x86_64.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-python3-debuginfo-2.6.5-7.el8.i686.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-python3-debuginfo-2.6.5-7.el8.x86_64.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-server-debuginfo-2.6.5-7.el8.i686.rpmLinux
(RHSA-2020:4689)Moderate: security update openwsman-server-debuginfo-2.6.5-7.el8.x86_64.rpmLinux
(RHSA-2020:4689)Moderate: security update rubygem-openwsman-debuginfo-2.6.5-7.el8.i686.rpmLinux
(RHSA-2020:4689)Moderate: security update rubygem-openwsman-debuginfo-2.6.5-7.el8.x86_64.rpmLinux
openwsman security update (RLSA-2020:4689) libwsman1-2.6.5-7.el8_3.i686.rpmLinux
openwsman security update (RLSA-2020:4689) libwsman1-2.6.5-7.el8_3.x86_64.rpmLinux
openwsman security update (RLSA-2020:4689) openwsman-client-2.6.5-7.el8_3.i686.rpmLinux
openwsman security update (RLSA-2020:4689) openwsman-client-2.6.5-7.el8_3.x86_64.rpmLinux
openwsman security update (RLSA-2020:4689) openwsman-server-2.6.5-7.el8_3.i686.rpmLinux
openwsman security update (RLSA-2020:4689) openwsman-server-2.6.5-7.el8_3.x86_64.rpmLinux
openwsman security update (RLSA-2020:4689) openwsman-python3-2.6.5-7.el8_3.x86_64.rpmLinux
Libwsman1 update (ELSA-2020-3940) libwsman1-2.6.3-7.git4391e5c.el7.i686.rpmLinux
Libwsman1 update (ELSA-2020-3940) libwsman1-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
Openwsman-client update (ELSA-2020-3940) openwsman-client-2.6.3-7.git4391e5c.el7.i686.rpmLinux
Openwsman-client update (ELSA-2020-3940) openwsman-client-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
Openwsman-python update (ELSA-2020-3940) openwsman-python-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
Openwsman-server update (ELSA-2020-3940) openwsman-server-2.6.3-7.git4391e5c.el7.i686.rpmLinux
Openwsman-server update (ELSA-2020-3940) openwsman-server-2.6.3-7.git4391e5c.el7.x86_64.rpmLinux
Libwsman1 update (ELSA-2020-4689) libwsman1-2.6.5-7.el8.i686.rpmLinux
Libwsman1 update (ELSA-2020-4689) libwsman1-2.6.5-7.el8.x86_64.rpmLinux
Openwsman-client update (ELSA-2020-4689) openwsman-client-2.6.5-7.el8.i686.rpmLinux
Openwsman-client update (ELSA-2020-4689) openwsman-client-2.6.5-7.el8.x86_64.rpmLinux
Openwsman-python3 update (ELSA-2020-4689) openwsman-python3-2.6.5-7.el8.x86_64.rpmLinux
Openwsman-server update (ELSA-2020-4689) openwsman-server-2.6.5-7.el8.i686.rpmLinux
Openwsman-server update (ELSA-2020-4689) openwsman-server-2.6.5-7.el8.x86_64.rpmLinux
openwsman Security Update (ALAS-2020-1540) libwsman1-2.6.3-7.git4391e5c.amzn2.i686.rpmLinux
openwsman Security Update (ALAS-2020-1540) libwsman1-2.6.3-7.git4391e5c.amzn2.x86_64.rpmLinux
openwsman Security Update (ALAS-2020-1540) libwsman-devel-2.6.3-7.git4391e5c.amzn2.x86_64.rpmLinux
openwsman Security Update (ALAS-2020-1540) openwsman-perl-2.6.3-7.git4391e5c.amzn2.x86_64.rpmLinux
openwsman Security Update (ALAS-2020-1540) openwsman-ruby-2.6.3-7.git4391e5c.amzn2.x86_64.rpmLinux
openwsman Security Update (ALAS-2020-1540) openwsman-client-2.6.3-7.git4391e5c.amzn2.i686.rpmLinux
openwsman Security Update (ALAS-2020-1540) openwsman-client-2.6.3-7.git4391e5c.amzn2.x86_64.rpmLinux
openwsman Security Update (ALAS-2020-1540) openwsman-python-2.6.3-7.git4391e5c.amzn2.x86_64.rpmLinux
openwsman Security Update (ALAS-2020-1540) openwsman-server-2.6.3-7.git4391e5c.amzn2.i686.rpmLinux
openwsman Security Update (ALAS-2020-1540) openwsman-server-2.6.3-7.git4391e5c.amzn2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234