CVE-2023-38200

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.

Published: Jul 24, 2023
Updated: May 9, 2024
CVE: CVE-2023-38200
GHSA: GHSA-pg75-v6fp-8q59
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-834

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	9.0	9.0.x
keylime	-	7.4.0
redhat / enterprise_linux_server_aus	9.2	9.2.x
redhat / enterprise_linux_eus	9.2	9.2.x
redhat / enterprise_linux_for_power_little_endian	9.0_ppc64le	9.0_ppc64le.x
redhat / enterprise_linux_for_ibm_z_systems_eus	9.2_s390x	9.2_s390x.x
redhat / enterprise_linux_for_power_little_endian_eus	9.0_ppc64le	9.0_ppc64le.x
redhat / enterprise_linux_for_ibm_z_systems	9.0_s390x	9.0_s390x.x
fedoraproject / fedora	38	38.x

https://access.redhat.com/errata/RHSA-2023:5080
https://access.redhat.com/security/cve/CVE-2023-38200
https://bugzilla.redhat.com/show_bug.cgi?id=2222692
https://github.com/keylime/keylime/commit/c68d8f0b7ea549c12b6956ab0f3c28ae0360ae17
https://github.com/keylime/keylime/pull/1421
https://github.com/keylime/keylime/releases/tag/v7.4.0
https://github.com/keylime/keylime/security/advisories/GHSA-pg75-v6fp-8q59
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS/

Vulnerability Database

289,599

CVE-2023-38200