ALT-PU-2019-1072-1
Closed vulnerabilities
Published: 2018-11-13
BDU:2019-02448
A vulnerability in the Cockpit server manager caused by an operation exceeding the bounds of a memory buffer, allowing an attacker to cause a denial of service
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: 2019-03-26
Modified: 2024-11-21
CVE-2019-3804
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly, resulting in a denial of service. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie, which could cause the web service to crash.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- RHSA-2019:1569
- RHSA-2019:1571
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3804
- https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12
- https://github.com/cockpit-project/cockpit/pull/10819