CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-2253

A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.7%

CVSS Severity

CVSS v3 Score 6.5

References

https://bugzilla.redhat.com/show_bug.cgi?id=2189886
https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html
https://bugzilla.redhat.com/show_bug.cgi?id=2189886
https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html

Products affected by CVE-2023-2253

Redhat » Openshift Api For Data Protection » Version: N/A

cpe:2.3:a:redhat:openshift_api_for_data_protection:-
Redhat » Openshift Container Platform » Version: 4.0

cpe:2.3:a:redhat:openshift_container_platform:4.0
Redhat » Openshift Developer Tools And Services » Version: N/A

cpe:2.3:a:redhat:openshift_developer_tools_and_services:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2253

Products

Pricing

Contact Us