Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-1930

Published: 08/05/2024 Updated: 08/05/2024

Vulnerability Summary

No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server prior to 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service.

Vulnerability Trend

Mailing Lists

Full Disclosure: dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components (CVE-2024-1929, CVE-2024-1930)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components (CVE-2024-1929, CVE-2024-1930) <!-- ...

References

https://www.openwall.com/lists/oss-security/2024/03/04/2https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q1/186
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoofCVE-2024-34928CVE-2024-5291deserializationCVE-2024-4471CVE-2024-4956CVE-2024-32002CVE-2024-5227unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook