Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU75412
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-30608
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package Recommended update for google-cloud SDK to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro: 5.3 - 5.5
openSUSE Leap Micro: 5.3 - 5.4
Python 3 Module: 15-SP5
Public Cloud Module: 15-SP4 - 15-SP5
Development Tools Module: 15-SP5
SUSE Package Hub 15: 15-SP5
Basesystem Module: 15-SP5
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5
SUSE Linux Enterprise Server 15: SP4 - SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
openSUSE Leap: 15.4 - 15.5
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
libprotobuf25_1_0-64bit-debuginfo: before 25.1-150400.9.6.1
libprotoc25_1_0-64bit-debuginfo: before 25.1-150400.9.6.1
libprotobuf-lite25_1_0-64bit-debuginfo: before 25.1-150400.9.6.1
libprotobuf25_1_0-64bit: before 25.1-150400.9.6.1
libprotoc25_1_0-64bit: before 25.1-150400.9.6.1
libprotobuf-lite25_1_0-64bit: before 25.1-150400.9.6.1
python311-apipkg: before 3.0.1-150400.12.6.1
python311-grpc-google-iam-v1: before 0.13.0-150400.9.3.1
python311-google-cloud-vpc-access: before 1.10.0-150400.9.3.1
python311-google-cloud-logging: before 3.9.0-150400.9.3.1
python311-google-cloud-kms: before 2.21.0-150400.9.3.1
python311-rsa: before 4.9-150400.12.7.1
python311-google-cloud-build: before 3.22.0-150400.9.3.1
python311-requests: before 2.31.0-150400.6.8.1
python311-google-cloud-compute: before 1.15.0-150400.9.3.1
python311-setuptools-wheel: before 67.7.2-150400.3.12.1
python311-iniconfig: before 2.0.0-150400.10.6.1
python311-google-auth: before 2.27.0-150400.6.7.1
python311-googleapis-common-protos: before 1.62.0-150400.10.4.1
python311-google-cloud-domains: before 1.7.1-150400.9.3.1
python311-google-cloud-audit-log: before 0.2.5-150400.9.3.1
python311-google-cloud-run: before 0.10.1-150400.9.3.1
python311-pyasn1-modules: before 0.3.0-150400.12.7.1
python311-google-cloud-service-directory: before 1.11.1-150400.9.3.1
python311-idna: before 3.4-150400.11.6.1
python311-urllib3: before 2.0.7-150400.7.14.1
python311-pyasn1: before 0.5.0-150400.12.7.2
python311-google-api-core: before 2.15.0-150400.5.4.1
python311-google-cloud-iam: before 2.13.0-150400.9.3.1
python311-google-cloud-kms-inventory: before 0.2.2-150400.9.3.1
python311-google-cloud-storage: before 2.14.0-150400.10.3.1
python311-google-cloud-secret-manager: before 2.17.0-150400.9.3.1
python311-pycparser: before 2.21-150400.12.7.2
python311-setuptools: before 67.7.2-150400.3.12.1
python311-google-cloud-artifact-registry: before 1.11.0-150400.9.3.1
python311-cachetools: before 5.3.1-150400.8.6.1
python311-proto-plus: before 1.23.0-150400.9.3.1
python311-py: before 1.11.0-150400.12.7.2
python311-grpcio-status: before 1.60.1-150400.9.3.1
python311-google-cloud-appengine-logging: before 1.4.0-150400.9.3.1
python311-charset-normalizer: before 3.1.0-150400.9.7.2
python311-google-cloud-spanner: before 3.40.1-150400.9.3.1
python311-pyOpenSSL: before 23.2.0-150400.3.10.1
python311-certifi: before 2023.7.22-150400.12.6.2
python311-google-cloud-core: before 2.4.1-150400.5.4.1
python311-sqlparse: before 0.4.4-150400.6.4.2
python311-google-resumable-media: before 2.7.0-150400.10.4.1
python311-google-cloud-dns: before 0.35.0-150400.9.3.1
python311-pytz: before 2023.3-150400.6.6.1
libprotoc25_1_0-32bit: before 25.1-150400.9.6.1
libprotobuf-lite25_1_0-32bit: before 25.1-150400.9.6.1
libprotoc25_1_0-32bit-debuginfo: before 25.1-150400.9.6.1
libprotobuf25_1_0-32bit-debuginfo: before 25.1-150400.9.6.1
libprotobuf-lite25_1_0-32bit-debuginfo: before 25.1-150400.9.6.1
libprotobuf25_1_0-32bit: before 25.1-150400.9.6.1
libcrc32c1: before 1.1.2-150400.9.3.1
python311-cffi-debuginfo: before 1.15.1-150400.8.7.2
python-grpcio-debugsource: before 1.60.1-150400.9.7.2
python-cffi-debugsource: before 1.15.1-150400.8.7.2
python311-cffi: before 1.15.1-150400.8.7.2
libprotobuf25_1_0-debuginfo: before 25.1-150400.9.6.1
python-google-crc32c-debugsource: before 1.5.0-150400.9.3.1
libprotoc25_1_0-debuginfo: before 25.1-150400.9.6.1
python-cryptography-debugsource: before 41.0.3-150400.16.19.1
libcrc32c-debugsource: before 1.1.2-150400.9.3.1
libprotobuf-lite25_1_0: before 25.1-150400.9.6.1
python311-google-crc32c-debuginfo: before 1.5.0-150400.9.3.1
libprotobuf-lite25_1_0-debuginfo: before 25.1-150400.9.6.1
python311-protobuf: before 4.25.1-150400.9.6.1
libcrc32c1-debuginfo: before 1.1.2-150400.9.3.1
libcrc32c-devel: before 1.1.2-150400.9.3.1
python311-cryptography: before 41.0.3-150400.16.19.1
python311-google-crc32c: before 1.5.0-150400.9.3.1
libprotobuf25_1_0: before 25.1-150400.9.6.1
libprotoc25_1_0: before 25.1-150400.9.6.1
protobuf-devel: before 25.1-150400.9.6.1
protobuf-java: before 25.1-150400.9.6.1
protobuf-debugsource: before 25.1-150400.9.6.1
python311-cryptography-debuginfo: before 41.0.3-150400.16.19.1
protobuf-devel-debuginfo: before 25.1-150400.9.6.1
python311-grpcio-debuginfo: before 1.60.1-150400.9.7.2
python311-grpcio: before 1.60.1-150400.9.7.2
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-ru-20241637-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.