Description

No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service.

INFO

Published Date :

2024-05-08T01:52:54.938Z

Last Modified :

2024-08-01T18:56:22.475Z

Source :

fedora
AFFECTED PRODUCTS

The following products are affected by CVE-2024-1930 vulnerability.

Vendors Products
Fedora
  • Dnf5daemon-server
Rpm-software-management
  • Dnf5
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-1930.

URL Resource
https://www.openwall.com/lists/oss-security/2024/03/04/2 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact