Veracode Vulnerability DatabaseVERACODE:36978Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
18.0%
github.com/fluxcd/helm-controller and github.com/fluxcd/flux2 are vulnerable to denial of service (DoS) attacks. A remote authenticated attacker is able to cause a system panic by supplying specific data inputs, resulting in denial of service conditions via high memory consumption.
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=44996
bugs.chromium.org/p/oss-fuzz/issues/detail?id=48360
github.com/fluxcd/flux2/commit/93fdd795da264491d5fc60a63a275425438fad01
github.com/fluxcd/flux2/issues/2952
github.com/fluxcd/flux2/pull/2999
github.com/fluxcd/flux2/security/advisories/GHSA-p2g7-xwvr-rrw3
github.com/fluxcd/helm-controller/commit/2195310e7c2cdeb201b4b99d4655d2b62800f6f1
github.com/fluxcd/helm-controller/pull/516
github.com/helm/helm/security/advisories/GHSA-7hfp-qfw3-5jxh
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
18.0%