PT-2023-17690 · Salt+3

Dwoz · Published 2023-09-05 · Updated 2025-01-22 · CVE-2023-20897

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Salt master versions prior to 3005.2
Salt master versions prior to 3006.2

Description

The issue concerns a denial-of-service (DoS) condition in minion return. When the request server receives a number of bad packets equal to the number of worker threads, the master becomes unresponsive to return requests until it is restarted.

Recommendations

For versions prior to 3005.2, update to version 3005.2 or later. For versions prior to 3006.2, update to version 3006.2 or later.

Fix

DoS

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALT-PU-2023-5558
ALT-PU-2023-5591
ALT-PU-2023-5717
ALT-PU-2023-5935
ALT-PU-2025-1673
CVE-2023-20897
GHSA-VPJG-WMF8-29H9
OPENSUSE-SU-2023_3862-1
OPENSUSE-SU-2023_3863-1
OPENSUSE-SU-2023_3885-1
OPENSUSE-SU-2024:13188-1
PYSEC-2023-166
SUSE-SU-2023:3862-1
SUSE-SU-2023:3863-1
SUSE-SU-2023:3864-1
SUSE-SU-2023:3865-1
SUSE-SU-2023:3866-1
SUSE-SU-2023:3876-1
SUSE-SU-2023:3877-1
SUSE-SU-2023:3884-1
SUSE-SU-2023:3885-1
SUSE-SU-2023_3862-1
SUSE-SU-2023_3863-1
SUSE-SU-2023_3864-1
SUSE-SU-2023_3865-1
SUSE-SU-2023_3866-1

Affected Products

Alt Linux
Red Os
Salt
Suse