PT-2024-18432 · Unknown · Dnf5Daemon-Server

Matthias Gerstner · Published 2024-03-07 · Updated 2024-05-08 · CVE-2024-1930

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

dnf5daemon-server versions prior to 5.1.17

Description

The issue allows a malicious user to impact availability by creating an unlimited number of sessions using the open_session() D-Bus method. For each session, a thread is created in dnf5daemon-server, consuming a significant amount of memory. This can lead to a situation where further connections become impossible, likely due to the D-Bus service being unable to spawn additional threads.

Recommendations

For versions prior to 5.1.17, update to version 5.1.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the open_session() D-Bus method to minimize the risk of exploitation.

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

AZL-40343
AZL-66105
CVE-2024-1930

Affected Products

Dnf5Daemon-Server