Vulnerabilities > CVE-2023-38200 - Excessive Iteration vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-07-24

Updated: 2024-09-16

Summary

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.

Vulnerable Configurations

Part	Description	Count
Application	Keylime Keylime Keylime -	1
OS	Redhat Redhat Enterprise Linux 9.0 Redhat Enterprise Linux Server AUS 9.2 Redhat Enterprise Linux EUS 9.2 Redhat Enterprise Linux FOR Power Little Endian 9.0_Ppc64Le Redhat Enterprise Linux FOR IBM Z Systems EUS 9.2_S390X Redhat Enterprise Linux FOR Power Little Endian EUS 9.0_Ppc64Le Redhat Enterprise Linux FOR IBM Z Systems 9.0_S390X	7
OS	Fedoraproject Fedoraproject Fedora 38	1

Common Weakness Enumeration (CWE)

CWE-834 - Excessive Iteration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References