Modified
Published: 03 Apr 2020, 07:10
Last modified: 16 Sept 2024, 16:58

Vulnerability Summary

  • Overall Risk (default): medium, 40/100
  • CVSS Score: 7.5 HIGH, v3.1 (nvd)
  • EPSS Score: 0.93% LOW (1% probability 0.00%)
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: 1 found
  • Dark Web: Not detected

Timeline

  • 03 Apr 2020, 07:10: Published (vulnerability first disclosed)
  • 16 Sept 2024, 16:58: Last Modified (vulnerability information updated)

Description

An Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations.

This issue affects:

  • SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1.
  • SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1.
  • SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1.
  • SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1.
  • SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1.
  • SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1.
  • SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1.
  • openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.

CVSS Metrics

  • v3.1, MEDIUM, Score: 6.5, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • v3.1, HIGH, Score: 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • v2.0, MEDIUM, Score: 5, AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.93% Percentile: 77%

Techniques & Countermeasures

  • CWE-400: Uncontrolled Resource Consumption

    The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

  • opensuse: opensuse leap 15.1

    rmt-server < 2.5.2-lp151.2.9.1

  • opensuse: rmt-server

    ≤ 2.5.2-3.26.1 | ≤ 2.5.2-3.9.1 | ≤ 2.5.2-lp151.2.9.1

  • suse: suse linux enterprise high performance computing 15-espos

    rmt-server < 2.5.2-3.26.1

  • suse: suse linux enterprise high performance computing 15-ltss

    rmt-server < 2.5.2-3.26.1

  • suse: suse linux enterprise module for public cloud 15-sp1

    rmt-server < 2.5.2-3.9.1

  • suse: suse linux enterprise module for server applications 15

    rmt-server < 2.5.2-3.26.1

  • suse: suse linux enterprise module for server applications 15-sp1

    rmt-server < 2.5.2-3.9.1

  • suse: suse linux enterprise server 15-ltss

    rmt-server < 2.5.2-3.26.1

  • suse: suse linux enterprise server for sap 15

    rmt-server < 2.5.2-3.26.1
