CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CVE-2016-9589 (GCVE-0-2016-9589)
Vulnerability from cvelistv5 – Published: 2018-03-12 15:00 – Updated: 2024-08-06 02:59
VLAI
Summary
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
Severity
No CVSS data available.
CWE
Assigner
References
13 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | wildfly |
Affected:
11.0.0.Beta1
|
Date Public
2017-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:02.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html"
},
{
"name": "RHSA-2017:0876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"
},
{
"name": "RHSA-2017:0834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:0832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html"
},
{
"name": "97060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97060"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2017:0873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0873"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:0830",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0830.html"
},
{
"name": "RHSA-2017:0872",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wildfly",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "11.0.0.Beta1"
}
]
}
],
"datePublic": "2017-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to \"max-headers\" (default 200) * \"max-header-size\" (default 1MB) per active TCP connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:0831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html"
},
{
"name": "RHSA-2017:0876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"
},
{
"name": "RHSA-2017:0834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404782"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:0832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html"
},
{
"name": "97060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97060"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2017:0873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0873"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:0830",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0830.html"
},
{
"name": "RHSA-2017:0872",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0872"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9589",
"datePublished": "2018-03-12T15:00:00.000Z",
"dateReserved": "2016-11-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:59:02.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0938 (GCVE-0-2017-0938)
Vulnerability from cvelistv5 – Published: 2019-02-12 22:00 – Updated: 2024-09-16 18:49
VLAI
Summary
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
Severity
No CVSS data available.
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://community.ubnt.com/t5/airMAX-Updates-Blog… | x_refsource_MISC |
| https://hackerone.com/reports/221625 | x_refsource_MISC |
| https://community.ubnt.com/t5/airMAX-Updates-Blog… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HackerOne | airMAX, EdgeMAX |
Affected:
airMAX < 8.3.2, airMAX < 6.0.7, EdgeRouter < v1.9.7
|
Date Public
2019-02-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/221625"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "airMAX, EdgeMAX",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "airMAX \u003c 8.3.2, airMAX \u003c 6.0.7, EdgeRouter \u003c v1.9.7"
}
]
}
],
"datePublic": "2019-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Denial of Service attack in airMAX \u003c 8.3.2 , airMAX \u003c 6.0.7 and EdgeMAX \u003c 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-12T21:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/221625"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2019-02-06T00:00:00",
"ID": "CVE-2017-0938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "airMAX, EdgeMAX",
"version": {
"version_data": [
{
"version_value": "airMAX \u003c 8.3.2, airMAX \u003c 6.0.7, EdgeRouter \u003c v1.9.7"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of Service attack in airMAX \u003c 8.3.2 , airMAX \u003c 6.0.7 and EdgeMAX \u003c 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522",
"refsource": "MISC",
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522"
},
{
"name": "https://hackerone.com/reports/221625",
"refsource": "MISC",
"url": "https://hackerone.com/reports/221625"
},
{
"name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215",
"refsource": "MISC",
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0938",
"datePublished": "2019-02-12T22:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:49:35.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12174 (GCVE-0-2017-12174)
Vulnerability from cvelistv5 – Published: 2018-03-07 22:00 – Updated: 2024-08-05 18:28
VLAI
Summary
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
Severity
No CVSS data available.
CWE
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:0479 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:0481 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:0269 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:0270 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:0271 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:0268 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:0480 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:0275 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:0478 | vendor-advisoryx_refsource_REDHAT |
| https://lists.apache.org/thread.html/rc96ad63f148… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/rb2fd3bf2dce… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | HornetQ/Artemis |
Affected:
before 2.4.0
|
Date Public
2018-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:0479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0479"
},
{
"name": "RHSA-2018:0481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174"
},
{
"name": "RHSA-2018:0269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0269"
},
{
"name": "RHSA-2018:0270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0270"
},
{
"name": "RHSA-2018:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0271"
},
{
"name": "RHSA-2018:0268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0268"
},
{
"name": "RHSA-2018:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0480"
},
{
"name": "RHSA-2018:0275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0275"
},
{
"name": "RHSA-2018:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0478"
},
{
"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E"
},
{
"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HornetQ/Artemis",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "before 2.4.0"
}
]
}
],
"datePublic": "2018-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-27T18:06:16.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:0479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0479"
},
{
"name": "RHSA-2018:0481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174"
},
{
"name": "RHSA-2018:0269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0269"
},
{
"name": "RHSA-2018:0270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0270"
},
{
"name": "RHSA-2018:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0271"
},
{
"name": "RHSA-2018:0268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0268"
},
{
"name": "RHSA-2018:0480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0480"
},
{
"name": "RHSA-2018:0275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0275"
},
{
"name": "RHSA-2018:0478",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0478"
},
{
"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E"
},
{
"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12174",
"datePublished": "2018-03-07T22:00:00.000Z",
"dateReserved": "2017-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:28:16.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12190 (GCVE-0-2017-12190)
Vulnerability from cvelistv5 – Published: 2017-11-22 18:00 – Updated: 2024-08-05 18:28
VLAI
Summary
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
Severity
No CVSS data available.
CWE
Assigner
References
20 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Linux kernel through v4.14-rc5 |
Affected:
Linux kernel through v4.14-rc5
|
Date Public
2017-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"
},
{
"name": "101911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101911"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "USN-3582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3582-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467"
},
{
"name": "RHSA-2018:1062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467"
},
{
"name": "RHSA-2018:0654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q4/52"
},
{
"name": "RHSA-2018:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "USN-3582-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3582-2/"
},
{
"name": "RHSA-2019:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"name": "RHSA-2019:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel through v4.14-rc5",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel through v4.14-rc5"
}
]
}
],
"datePublic": "2017-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T02:06:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"
},
{
"name": "101911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101911"
},
{
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "USN-3582-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3582-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467"
},
{
"name": "RHSA-2018:1062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467"
},
{
"name": "RHSA-2018:0654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seclists.org/oss-sec/2017/q4/52"
},
{
"name": "RHSA-2018:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "USN-3582-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3582-2/"
},
{
"name": "RHSA-2019:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1170"
},
{
"name": "RHSA-2019:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12190",
"datePublished": "2017-11-22T18:00:00.000Z",
"dateReserved": "2017-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:28:16.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12741 (GCVE-0-2017-12741)
Vulnerability from cvelistv5 – Published: 2017-12-26 04:00 – Updated: 2024-08-05 18:51
VLAI
Summary
Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.
Severity
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.securityfocus.com/bid/101964 | vdb-entryx_refsource_BID |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/html/… | |
| https://cert-portal.siemens.com/productcert/html/… | |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
94 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/101964"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-346262.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-141614.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.1 Patch 05"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Compact Field Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200AL IM 157-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200M (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-3 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-4 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN: IO-Link Master",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200S (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-200 SMART",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.03.01"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.X.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 H V6\u00a0and below\u00a0CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CP51M1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CPU555",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX F 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4 HF26"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION P V4.4 and V4.5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION P V5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCM w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.4 SP1 HF6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCP w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.2 HF2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G110M w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP9 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP9 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.7 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF29"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.8 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.7 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF29"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 V4.8 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GH150 V4.7 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP5 HF7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GL150 V4.7 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GM150 V4.7 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF31"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S110 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4 SP3 HF6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF29"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.7 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF29"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 V4.8 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 HF4"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7.0 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF30"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7.4 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7.5 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SM120 V4.7 w. PROFINET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS V90 w. PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.02"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 840D sl",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter 3RW44 PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:03:53.948Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"name": "101964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/101964"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-346262.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-141614.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2017-12741",
"datePublished": "2017-12-26T04:00:00.000Z",
"dateReserved": "2017-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:51:06.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14028 (GCVE-0-2017-14028)
Vulnerability from cvelistv5 – Published: 2017-11-16 21:00 – Updated: 2024-08-05 19:13
VLAI
Summary
A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101885 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Moxa NPort 5110, 5130, and 5150 |
Affected:
Moxa NPort 5110, 5130, and 5150
|
Date Public
2017-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101885",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Moxa NPort 5110, 5130, and 5150",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Moxa NPort 5110, 5130, and 5150"
}
]
}
],
"datePublic": "2017-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-21T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "101885",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-14028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa NPort 5110, 5130, and 5150",
"version": {
"version_data": [
{
"version_value": "Moxa NPort 5110, 5130, and 5150"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101885"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-320-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-14028",
"datePublished": "2017-11-16T21:00:00.000Z",
"dateReserved": "2017-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:13:41.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15119 (GCVE-0-2017-15119)
Vulnerability from cvelistv5 – Published: 2018-07-27 16:00 – Updated: 2024-08-05 19:50
VLAI
Summary
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.
Severity
5.8 (Medium)
CWE
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/201… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2017/11/28/9 | x_refsource_MISC |
| http://www.securityfocus.com/bid/102011 | vdb-entryx_refsource_BID |
| https://www.debian.org/security/2018/dsa-4213 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:1104 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1113 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3575-1/ | vendor-advisoryx_refsource_UBUNTU |
Date Public
2017-11-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
},
{
"name": "102011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102011"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.11"
}
]
}
],
"datePublic": "2017-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
},
{
"name": "102011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102011"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "2.11"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/28/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
},
{
"name": "102011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102011"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15119",
"datePublished": "2018-07-27T16:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:50:16.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15130 (GCVE-0-2017-15130)
Vulnerability from cvelistv5 – Published: 2018-03-02 15:00 – Updated: 2024-09-16 20:17
VLAI
Summary
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
Severity
No CVSS data available.
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3587-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://seclists.org/oss-sec/2018/q1/205 | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2018/dsa-4130 | vendor-advisoryx_refsource_DEBIAN |
| https://usn.ubuntu.com/3587-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://bugzilla.redhat.com/show_bug.cgi?id=1532356 | x_refsource_CONFIRM |
| https://www.dovecot.org/list/dovecot-news/2018-Fe… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Dovecot Project | dovecot |
Affected:
before 2.2.34
|
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3587-1/"
},
{
"name": "[oss-security] 20180301 Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2018/q1/205"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
},
{
"name": "DSA-4130",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4130"
},
{
"name": "USN-3587-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3587-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532356"
},
{
"name": "[dovecot-news] 20180228 v2.2.34 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dovecot",
"vendor": "The Dovecot Project",
"versions": [
{
"status": "affected",
"version": "before 2.2.34"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-03T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3587-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3587-1/"
},
{
"name": "[oss-security] 20180301 Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2018/q1/205"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
},
{
"name": "DSA-4130",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4130"
},
{
"name": "USN-3587-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3587-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532356"
},
{
"name": "[dovecot-news] 20180228 v2.2.34 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-02-28T00:00:00",
"ID": "CVE-2017-15130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dovecot",
"version": {
"version_data": [
{
"version_value": "before 2.2.34"
}
]
}
}
]
},
"vendor_name": "The Dovecot Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3587-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3587-1/"
},
{
"name": "[oss-security] 20180301 Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q1/205"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
},
{
"name": "DSA-4130",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4130"
},
{
"name": "USN-3587-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3587-2/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1532356",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532356"
},
{
"name": "[dovecot-news] 20180228 v2.2.34 released",
"refsource": "MLIST",
"url": "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15130",
"datePublished": "2018-03-02T15:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:17:43.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15132 (GCVE-0-2017-15132)
Vulnerability from cvelistv5 – Published: 2018-01-25 20:00 – Updated: 2024-09-17 00:36
VLAI
Summary
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.
Severity
No CVSS data available.
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/dovecot/core/commit/1a29ed2f96… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1532768 | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4130 | vendor-advisoryx_refsource_DEBIAN |
| https://usn.ubuntu.com/3556-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3556-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.dovecot.org/list/dovecot-news/2018-Fe… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Dovecot Project | dovecot |
Affected:
2.0 up to 2.2.33 and 2.3.0
|
Date Public
2018-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532768"
},
{
"name": "DSA-4130",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4130"
},
{
"name": "USN-3556-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3556-1/"
},
{
"name": "USN-3556-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3556-2/"
},
{
"name": "[dovecot-news] 20180228 v2.2.34 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dovecot",
"vendor": "The Dovecot Project",
"versions": [
{
"status": "affected",
"version": "2.0 up to 2.2.33 and 2.3.0"
}
]
}
],
"datePublic": "2018-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot\u0027s auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-01T09:57:02.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532768"
},
{
"name": "DSA-4130",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4130"
},
{
"name": "USN-3556-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3556-1/"
},
{
"name": "USN-3556-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3556-2/"
},
{
"name": "[dovecot-news] 20180228 v2.2.34 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-01-25T00:00:00",
"ID": "CVE-2017-15132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dovecot",
"version": {
"version_data": [
{
"version_value": "2.0 up to 2.2.33 and 2.3.0"
}
]
}
}
]
},
"vendor_name": "The Dovecot Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot\u0027s auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch",
"refsource": "CONFIRM",
"url": "https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1532768",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532768"
},
{
"name": "DSA-4130",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4130"
},
{
"name": "USN-3556-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3556-1/"
},
{
"name": "USN-3556-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3556-2/"
},
{
"name": "[dovecot-news] 20180228 v2.2.34 released",
"refsource": "MLIST",
"url": "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15132",
"datePublished": "2018-01-25T20:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:33.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15133 (GCVE-0-2017-15133)
Vulnerability from cvelistv5 – Published: 2018-01-29 19:00 – Updated: 2024-09-16 22:56
VLAI
Summary
A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1538763 | x_refsource_CONFIRM |
| https://github.com/miekg/dns/issues/627 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Miek Gieben | miekg-dns |
Affected:
before 1.0.4
|
Date Public
2018-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/miekg/dns/issues/627"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "miekg-dns",
"vendor": "Miek Gieben",
"versions": [
{
"status": "affected",
"version": "before 1.0.4"
}
]
}
],
"datePublic": "2018-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-29T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/miekg/dns/issues/627"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-01-11T00:00:00",
"ID": "CVE-2017-15133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "miekg-dns",
"version": {
"version_data": [
{
"version_value": "before 1.0.4"
}
]
}
}
]
},
"vendor_name": "Miek Gieben"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1538763",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538763"
},
{
"name": "https://github.com/miekg/dns/issues/627",
"refsource": "CONFIRM",
"url": "https://github.com/miekg/dns/issues/627"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15133",
"datePublished": "2018-01-29T19:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:56:27.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
Phase: Architecture and Design
Description:
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that protocols have specific limits of scale placed on them.
Mitigation
Phase: Implementation
Description:
- Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.