Vulnerability DatabaseCVE-2023-38200
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-38200
July 24, 2023
A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.
Affected Packages
keylime (PYTHON):
Affected version(s) >=6.3.1 <7.4.0
Fix Suggestion:
Update to version 7.4.0
Related ResourcesĀ (10)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS/
https://github.com/keylime/keylime/security/advisories/GHSA-pg75-v6fp-8q59
https://github.com/keylime/keylime/pull/1421
https://github.com/keylime/keylime
https://github.com/keylime/keylime/releases/tag/v7.4.0
https://access.redhat.com/errata/RHSA-2023:5080
https://github.com/keylime/keylime/commit/c68d8f0b7ea549c12b6956ab0f3c28ae0360ae17
https://access.redhat.com/security/cve/CVE-2023-38200
https://nvd.nist.gov/vuln/detail/CVE-2023-38200
https://bugzilla.redhat.com/show_bug.cgi?id=2222692
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400
Excessive Iteration
CWE-834
EPSS
Base Score:
0.86