Все бюллетени/p9/ALT-PU-2020-2174-1
ALT-PU-2020-2174-1

Обновление пакета freeipa в ветке p9

Версия4.8.6-alt2
Задание#250567
Опубликовано2020-06-11
Макс. серьёзностьMEDIUM
Серьёзность:

Закрытые проблемы (1)

CVE-2020-1722
MEDIUM5.3

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.

Опубликовано: 2020-04-27Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 5.4
CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:C
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Ссылки