Vulnerability Details CVE-2024-1930
No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions.
There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.1%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2024-1930
-
cpe:2.3:a:rpm-software-management:dnf5:*