CWE-412
Unrestricted Externally Accessible Lock
The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.
CVE-2019-11485 (GCVE-0-2019-11485)
Vulnerability from cvelistv5
Published
2020-02-08 04:50
Modified
2024-09-16 16:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-412 - Unrestricted Externally Accessible Lock
Summary
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm2",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.20",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.8",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu8.1",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2019-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered Apport\u0027s lock file was in a world-writable directory which allowed all users to prevent crash handling."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-412",
"description": "CWE-412 Unrestricted Externally Accessible Lock",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-30T17:32:33",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839415"
],
"discovery": "EXTERNAL"
},
"title": "apport created lock file in wrong directory",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
"ID": "CVE-2019-11485",
"STATE": "PUBLIC",
"TITLE": "apport created lock file in wrong directory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sander Bos discovered Apport\u0027s lock file was in a world-writable directory which allowed all users to prevent crash handling."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-412 Unrestricted Externally Accessible Lock"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4171-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4171-2",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839415"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11485",
"datePublished": "2020-02-08T04:50:23.604794Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-16T16:57:41.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18269 (GCVE-0-2019-18269)
Vulnerability from cvelistv5
Published
2019-12-16 19:21
Modified
2024-08-05 01:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-412 - Unrestricted Externally Accessible Lock
Summary
Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Omron | Omron PLC CJ Series |
Version: all versions |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Omron PLC CJ Series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omron PLC CS series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omron PLC NX1P2 series",
"vendor": "Omron",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jipeng You (XDU) and n0b0dy reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOmron\u2019s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. \u003c/span\u003e\n\n"
}
],
"value": "\nOmron\u2019s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. \n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-412",
"description": "CWE-412 Unrestricted Externally Accessible Lock",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T22:40:45.810Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
},
{
"url": "https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eOmron recommends the following mitigation measures:\u003c/p\u003e\u003cul\u003e\u003cli\u003eFilter FINS port: Protect access to Omron\u2019s PLC with a firewall and blocking unnecessary remote access to FINS port (default: 9600).\u003c/li\u003e\u003cli\u003eFilter IP addresses: Protect access to Omron\u2019s PLC with a firewall and filtering devices connected to the PLC by IP address.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information provided by Omron on these vulnerabilities refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.omron-cxone.com%2Fsecurity%2F2019-12-06_PLC_EN.pdf\u0026amp;data=02%7C01%7Ckent.norris%40inl.gov%7C20bf150382654ea6bed508d77a33e9d1%7C4cf464b7869a42368da2a98566485554%7C0%7C1%7C637112235716101466\u0026amp;sdata=HF291pOMe65LwSvq4DynQqT%2FX7Sw%2BT92JGwRsXmC7WU%3D\u0026amp;reserved=0\"\u003eVulnerabilities in Omron CS and CJ series CPU PLCs\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nOmron recommends the following mitigation measures:\n\n * Filter FINS port: Protect access to Omron\u2019s PLC with a firewall and blocking unnecessary remote access to FINS port (default: 9600).\n * Filter IP addresses: Protect access to Omron\u2019s PLC with a firewall and filtering devices connected to the PLC by IP address.\n\n\nFor more information provided by Omron on these vulnerabilities refer to Vulnerabilities in Omron CS and CJ series CPU PLCs https://gcc01.safelinks.protection.outlook.com/ .\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Omron PLC CJ and CS Series",
"version": {
"version_data": [
{
"version_value": "Omron PLC CJ series, all versions, Omron PLC CS series, all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, the software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNRESTRICTED EXTERNALLY ACCESSIBLE LOCK CWE-412"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18269",
"datePublished": "2019-12-16T19:21:31",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:14.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22318 (GCVE-0-2023-22318)
Vulnerability from cvelistv5
Published
2023-05-15 08:34
Modified
2025-01-23 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-412 - Unrestricted Externally Accessible Lock
Summary
Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tribe29 | Checkmk Appliance |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/9526"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T19:18:05.392756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T19:19:35.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk Appliance",
"vendor": "Tribe29",
"versions": [
{
"lessThan": "1.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469: HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-412",
"description": "CWE-412: Unrestricted Externally Accessible Lock",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T08:34:43.641Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Tribe29"
},
"references": [
{
"url": "https://checkmk.com/werk/9526"
}
],
"title": "Denial of service against webconf"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-22318",
"datePublished": "2023-05-15T08:34:43.641Z",
"dateReserved": "2023-01-18T15:32:06.483Z",
"dateUpdated": "2025-01-23T19:19:35.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38505 (GCVE-0-2023-38505)
Vulnerability from cvelistv5
Published
2023-07-27 18:49
Modified
2024-10-10 16:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ravenclaw900 | DietPi-Dashboard |
Version: = 0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:55.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44"
},
{
"name": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606"
},
{
"name": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666"
},
{
"name": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dietpi-dashboard_project:dietpi-dashboard:0.6.1:*:*:*:*:rust:*:*"
],
"defaultStatus": "unknown",
"product": "dietpi-dashboard",
"vendor": "dietpi-dashboard_project",
"versions": [
{
"status": "affected",
"version": "0.6.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:38:46.675046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:07:41.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DietPi-Dashboard",
"vendor": "ravenclaw900",
"versions": [
{
"status": "affected",
"version": "= 0.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won\u0027t provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-410",
"description": "CWE-410: Insufficient Resource Pool",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-412",
"description": "CWE-412: Unrestricted Externally Accessible Lock",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T18:49:29.182Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44"
},
{
"name": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606"
},
{
"name": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666"
},
{
"name": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7",
"tags": [
"x_refsource_MISC"
],
"url": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7"
}
],
"source": {
"advisory": "GHSA-3jr4-9rxf-fr44",
"discovery": "UNKNOWN"
},
"title": "DietPi-Dashboard Insufficient TLS Handshake Pool"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-38505",
"datePublished": "2023-07-27T18:49:29.182Z",
"dateReserved": "2023-07-18T16:28:12.077Z",
"dateUpdated": "2024-10-10T16:07:41.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Use any access control that is offered by the functionality that is offering the lock.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Use unpredictable names or identifiers for the locks. This might not always be possible or feasible.
Mitigation
Phase: Architecture and Design
Description:
- Consider modifying your code to use non-blocking synchronization methods.
CAPEC-25: Forced Deadlock
The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.