GHSA-vpjg-wmf8-29h9

Source

https://github.com/advisories/GHSA-vpjg-wmf8-29h9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-vpjg-wmf8-29h9/GHSA-vpjg-wmf8-29h9.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-vpjg-wmf8-29h9

Aliases

Published

2023-09-05T12:30:16Z

Modified

2025-02-13T19:36:57.853274Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Salt vulnerable to denial of service

Details

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

Database specific

{
    "github_reviewed_at": "2023-09-06T19:52:59Z",
    "nvd_published_at": "2023-09-05T11:15:32Z",
    "cwe_ids": [
        "CWE-404"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3005.2

Affected versions

0.*

0.8.7

0.8.9

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.9.9.1

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.11.0

0.11.1

0.12.0

0.12.1

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.15.0

0.15.1

0.15.2

0.15.3

0.15.90

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.17.0rc1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

2014.*

2014.1.0rc1

2014.1.0rc2

2014.1.0rc3

2014.1.0

2014.1.1

2014.1.2

2014.1.3

2014.1.4

2014.1.5

2014.1.6

2014.1.7

2014.1.8

2014.1.9

2014.1.10

2014.1.11

2014.1.12

2014.1.13

2014.7.0rc1

2014.7.0rc2

2014.7.0rc3

2014.7.0rc4

2014.7.0rc5

2014.7.0rc6

2014.7.0rc7

2014.7.0

2014.7.1

2014.7.2

2014.7.3

2014.7.4

2014.7.5

2014.7.6

2014.7.7

2015.*

2015.2.0rc1

2015.2.0rc2

2015.5.0

2015.5.1

2015.5.2

2015.5.3

2015.5.4

2015.5.5

2015.5.6

2015.5.7

2015.5.8

2015.5.9

2015.5.10

2015.5.11

2015.8.0rc1

2015.8.0rc2

2015.8.0rc3

2015.8.0rc4

2015.8.0rc5

2015.8.0

2015.8.1

2015.8.2

2015.8.3

2015.8.4

2015.8.5

2015.8.7

2015.8.8

2015.8.8.2

2015.8.9

2015.8.10

2015.8.11

2015.8.12

2015.8.13

2016.*

2016.3.0rc2

2016.3.0rc3

2016.3.0

2016.3.1

2016.3.2

2016.3.3

2016.3.4

2016.3.5

2016.3.6

2016.3.7

2016.3.8

2016.11.0rc1

2016.11.0rc2

2016.11.0

2016.11.1

2016.11.2

2016.11.3

2016.11.4

2016.11.5

2016.11.6

2016.11.7

2016.11.8

2016.11.9

2016.11.10

2017.*

2017.7.0rc1

2017.7.0

2017.7.1

2017.7.2

2017.7.3

2017.7.4

2017.7.5

2017.7.6

2017.7.7

2017.7.8

2018.*

2018.3.0rc1

2018.3.0

2018.3.1

2018.3.2

2018.3.3

2018.3.4

2018.3.5

2019.*

2019.2.0rc1

2019.2.0rc2

2019.2.0

2019.2.1

2019.2.2

2019.2.3

2019.2.4

2019.2.5

2019.2.6

2019.2.7

2019.2.8

3000.*

3000.0.0rc1

3000.0.0rc2

3000.1

3000.2

3000.3

3000.4

3000.5

3000.6

3000.7

3000.8

3000.9

Other

3000

3001rc1

3001

3002rc1

3002

3003rc1

3003

3004rc1

3004

3005rc1

3005rc2

3005

3001.*

3001.1

3001.2

3001.3

3001.4

3001.5

3001.6

3001.7

3001.8

3002.*

3002.1

3002.2

3002.3

3002.4

3002.5

3002.6

3002.7

3002.8

3002.9

3003.*

3003.1

3003.2

3003.3

3003.4

3003.5

3004.*

3004.1

3004.2

3005.*

3005.1

PyPI / salt

Package

Name: salt; View open source insights on deps.dev
Purl: pkg:pypi/salt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3006.0rc1

Fixed

3006.2

Affected versions

3006.*

3006.0rc1

3006.0rc2

3006.0rc3

3006.0

3006.1