ALT Linux Team

Package freeipa update in p9 on 2020-06-11

ALT-PU-2020-2174-1

Package freeipa updated to version 4.8.6-alt2 for branch p9 in task 250567.

Closed vulnerabilities

Published: 2020-04-28
Modified: 2024-11-21

CVE-2020-1722

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top