Improper Resource Shutdown or Release Affecting salt package, versions <3006.0-150200.108.1


Severity

Recommended: 0.0 (medium), on a scale of 0 to 10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.08% (36th percentile)

  • Snyk ID: SNYK-SLES152-SALT-5925674
  • published: 29 Sept 2023
  • disclosed: 28 Sept 2023

Introduced: 28 Sep 2023

CVE-2023-20897
CWE-404

How to fix?

Upgrade SLES:15.2 salt to version 3006.0-150200.108.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream salt package and not the salt package as distributed by SLES. See How to fix? for SLES:15.2 relevant fixed versions and status.

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

CVSS Scores

version 3.1