CVE-2023-20897

Salt vulnerable to denial of service in pypi/salt

Identifiers

CVE-2023-20897, GHSA-vpjg-wmf8-29h9

Package Slug

pypi/salt

Vulnerability

Salt vulnerable to denial of service

Description

Salt masters prior to 3005.2 or 3006.2 contain a DoS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

Affected Versions

All versions before 3005.2, all versions starting from 3006.0 before 3006.2

Solution

Upgrade to versions 3005.2, 3006.2 or above.

Last Modified

2023-09-07

source