Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU88173
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-51775
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion via large p2c (aka PBES2 Count) value and perform a denial of service (DoS) attack.
MitigationUpdate the affected package Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.3
SUSE Manager Server Module: 4.3
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
susemanager-tools: before 4.3.35-150400.3.48.6
inter-server-sync: before 0.3.3-150400.3.30.4
inter-server-sync-debuginfo: before 0.3.3-150400.3.30.4
susemanager: before 4.3.35-150400.3.48.6
smdba: before 1.7.13-0.150400.4.12.4
spacewalk-config: before 4.3.13-150400.3.15.5
spacewalk-backend-server: before 4.3.28-150400.3.41.7
spacewalk-backend-tools: before 4.3.28-150400.3.41.7
spacewalk-html: before 4.3.38-150400.3.42.6
susemanager-sls: before 4.3.41-150400.3.47.6
uyuni-config-modules: before 4.3.41-150400.3.47.6
spacewalk-backend-app: before 4.3.28-150400.3.41.7
spacewalk-backend-applet: before 4.3.28-150400.3.41.7
spacewalk-backend-config-files: before 4.3.28-150400.3.41.7
cobbler: before 3.3.3-150400.5.42.5
susemanager-sync-data: before 4.3.17-150400.3.25.4
spacewalk-backend-iss: before 4.3.28-150400.3.41.7
spacewalk-backend-xml-export-libs: before 4.3.28-150400.3.41.7
uyuni-reportdb-schema: before 4.3.10-150400.3.15.6
susemanager-schema-utility: before 4.3.25-150400.3.39.5
subscription-matcher: before 0.37-150400.3.22.4
spacewalk-java-postgresql: before 4.3.73-150400.3.79.1
image-sync-formula: before 0.1.1711646883.4a44375-150400.3.18.4
spacewalk-java-config: before 4.3.73-150400.3.79.1
supportutils-plugin-susemanager: before 4.3.11-150400.3.21.4
spacewalk-backend-config-files-common: before 4.3.28-150400.3.41.7
susemanager-schema: before 4.3.25-150400.3.39.5
spacewalk-backend-config-files-tool: before 4.3.28-150400.3.41.7
jose4j: before 0.5.1-150400.3.9.4
susemanager-docs_en-pdf: before 4.3-150400.9.56.4
spacewalk-backend-sql-postgresql: before 4.3.28-150400.3.41.7
spacewalk-backend-sql: before 4.3.28-150400.3.41.7
spacewalk-taskomatic: before 4.3.73-150400.3.79.1
spacewalk-base: before 4.3.38-150400.3.42.6
spacewalk-backend-xmlrpc: before 4.3.28-150400.3.41.7
spacewalk-backend-iss-export: before 4.3.28-150400.3.41.7
spacewalk-java: before 4.3.73-150400.3.79.1
spacewalk-backend-package-push-server: before 4.3.28-150400.3.41.7
susemanager-docs_en: before 4.3-150400.9.56.4
spacewalk-java-lib: before 4.3.73-150400.3.79.1
python3-uyuni-common-libs: before 4.3.10-150400.3.18.4
spacewalk-base-minimal-config: before 4.3.38-150400.3.42.6
spacewalk-check: before 4.3.19-150400.3.27.5
python3-spacewalk-check: before 4.3.19-150400.3.27.5
spacewalk-client-tools: before 4.3.19-150400.3.27.5
spacewalk-client-setup: before 4.3.19-150400.3.27.5
spacewalk-certs-tools: before 4.3.23-150400.3.28.5
spacecmd: before 4.3.27-150400.3.36.5
spacewalk-backend: before 4.3.28-150400.3.41.7
mgr-daemon: before 4.3.9-150400.3.15.5
python3-spacewalk-client-tools: before 4.3.19-150400.3.27.5
python3-spacewalk-client-setup: before 4.3.19-150400.3.27.5
python3-spacewalk-certs-tools: before 4.3.23-150400.3.28.5
spacewalk-base-minimal: before 4.3.38-150400.3.42.6
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241507-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.