Lucene search

[email protected]CVE-2023-38200

HistoryJul 24, 2023 - 4:15 p.m.

CVE-2023-38200

2023-07-2416:15:12

CWE-400

CWE-834

[email protected]

web.nvd.nist.gov

cve-2023-38200

keylime

denial of service

ssl connections

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.

Affected configurations

NVD

Node

keylimekeylimeMatch-

Node

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_eusMatch9.2

redhatenterprise_linux_for_ibm_z_systemsMatch9.0_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch9.2_s390x

redhatenterprise_linux_for_power_little_endianMatch9.0_ppc64le

redhatenterprise_linux_for_power_little_endian_eusMatch9.0_ppc64le

redhatenterprise_linux_server_ausMatch9.2

Node

fedoraprojectfedoraMatch38

CPENameOperatorVersion
keylime:keylimekeylimeeq-

CPE	Name	Operator	Version
keylime:keylime	keylime	eq	-

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "keylime",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:6.5.2-6.el9_2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  }
]