Back to bug 2189886
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Anten Skrabec | 2023-04-26 10:14:00 UTC | CC | security-response-team | |
| Anten Skrabec | 2023-04-26 10:19:07 UTC | Blocks | 2189211 | |
| RaTasha Tillery-Smith | 2023-04-26 12:38:24 UTC | Doc Text | The `/v2/_catalog` endpoint in distribution/distribution accepts a parameter to control the maximum amount of records returned (query string: `n`). This allows a malicious user to submit a unreasonably large value for `n`, causing the allocation of a massive string array, possibly causing a DoS through excessive use of memory. | A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory. |
| Anten Skrabec | 2023-05-01 19:55:39 UTC | Group | team ocp_embargoes | |
| Anten Skrabec | 2023-05-01 20:00:33 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| Anten Skrabec | 2023-05-09 12:47:16 UTC | Deadline | 2023-05-08 | 2023-05-09 |
| Guilherme de Almeida Suckevicz | 2023-05-09 17:06:16 UTC | Group | qe_staff, team ocp_embargoes, security | |
| | | Deadline | 2023-05-09 | |
| | | Summary | EMBARGOED CVE-2023-2253 distribution/distribution: DoS from malicious API request | CVE-2023-2253 distribution/distribution: DoS from malicious API request |
| Red Hat Bugzilla | 2023-07-07 08:29:39 UTC | CC | security-response-team | |
| | | Assignee | security-response-team | nobody |
| errata-xmlrpc | 2023-07-20 17:11:02 UTC | Link ID | Red Hat Product Errata RHSA-2023:4091 | |
| Product Security DevOps Team | 2023-07-20 21:51:17 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-07-20 21:51:17 UTC |