Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-1930

Published: 08/05/2024 Updated: 08/05/2024

Vulnerability Summary

No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server prior to 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service.

Vulnerability Trend

Mailing Lists

Full Disclosure: dnf5daemon-server: Local root Exploit and Local Denial-of-Service in dnf5 D-Bus Components (CVE-2024-1929, CVE-2024-1930)
Hello list, please find below a report about a local root exploit and other issues in dnf5daemon-server We also offer a rendered HTML version of the report on our blog [1] 1) Introduction =============== The dnf5daemon-server [2] component offers a collection of D-Bus interfaces to interact with the dnf5 package manager on the system An openS ...

References

https://www.openwall.com/lists/oss-security/2024/03/04/2https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q1/186
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223CVE-2024-0044information disclosureCVE-2024-35753HTML injectionCVE-2024-21306CVE-2024-35733SQL injectionCVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook