Improper Resource Shutdown or Release Affecting salt package, versions *
Threat Intelligence
EPSS
0.05% (18th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-SALT-5884381
- published 6 Sep 2023
- disclosed 5 Sep 2023
Introduced: 5 Sep 2023
CVE-2023-20897 Open this link in a new tabHow to fix?
There is no fixed version for Debian:10 salt.
NVD Description
Note: Versions mentioned in the description apply only to the upstream salt package and not the salt package as distributed by Debian.
See How to fix? for Debian:10 relevant fixed versions and status.
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.
CVSS Scores
version 3.1