A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
References
| Link | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2189886 | Issue Tracking Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html |
Configurations
Configuration 1 (hide)
|
History
29 Jun 2023, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
13 Jun 2023, 19:09
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2189886 - Issue Tracking, Third Party Advisory | |
| First Time |
Redhat openshift Container Platform
Redhat openshift Developer Tools And Services Redhat openshift Api For Data Protection Redhat |
|
| CPE | cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* |
|
| CWE | CWE-770 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
06 Jun 2023, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-06 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-2253
Mitre link : CVE-2023-2253
CVE.ORG link : CVE-2023-2253
JSON object : View
Products Affected
redhat
- openshift_api_for_data_protection
- openshift_developer_tools_and_services
- openshift_container_platform