CVE-2023-20897 – salt

Package

Manager: pip
Name: salt
Vulnerable Version: >=0 <3005.2 || >=3006.0rc1 <3006.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.0011 pctl0.301

Details

Salt vulnerable to denial of service Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

Metadata

Created: 2023-09-05T12:30:16Z
Modified: 2025-02-13T19:11:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-vpjg-wmf8-29h9/GHSA-vpjg-wmf8-29h9.json
CWE IDs: ["CWE-404"]
Alternative ID: GHSA-vpjg-wmf8-29h9
Finding: F108
Auto approve: 1