No Limit on Number of Open Sessions / Bad Session Close...
Moderate severity · Unreviewed
Published May 8, 2024 to the GitHub Advisory Database • Updated May 8, 2024
Published by the National Vulnerability Database: May 8, 2024
Description
No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions.
There is no limit on how many sessions D-Bus clients may create using the open_session() D-Bus method. For each session a thread is created in dnf5daemon-server. This consumes a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service.
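One way a thread-per-session service can bound the cost described above, shown as an added example that is not dnf5daemon-server's code or its 5.1.17 fix. The class name `SessionLimiter`, both caps and the bus names used with it are assumptions for illustration.

```cpp
#include <cstddef>
#include <map>
#include <mutex>
#include <string>

// Hypothetical admission control for a service that spawns one thread per session.
// The caps are constructed values, not dnf5daemon-server settings.
class SessionLimiter {
public:
    SessionLimiter(std::size_t max_total, std::size_t max_per_sender)
        : max_total_(max_total), max_per_sender_(max_per_sender) {}

    // Call at the top of the open_session() handler, before any thread is created.
    // `sender` is the caller's unique bus name. Returns a non-zero session id,
    // or 0 when the global or the per-sender cap is already reached.
    unsigned long try_open(const std::string& sender) {
        std::lock_guard<std::mutex> lock(mu_);
        if (owner_.size() >= max_total_) return 0;
        auto it = held_.find(sender);
        std::size_t held = (it == held_.end()) ? 0 : it->second;
        if (held >= max_per_sender_) return 0;
        held_[sender] = held + 1;
        owner_[next_id_] = sender;
        return next_id_++;
    }

    // Only the sender that opened a session may close it; the slot is freed at once.
    bool close(const std::string& sender, unsigned long id) {
        std::lock_guard<std::mutex> lock(mu_);
        auto it = owner_.find(id);
        if (it == owner_.end() || it->second != sender) return false;
        owner_.erase(it);
        if (--held_[sender] == 0) held_.erase(sender);
        return true;
    }

    std::size_t open_sessions() const {
        std::lock_guard<std::mutex> lock(mu_);
        return owner_.size();
    }

private:
    mutable std::mutex mu_;
    std::size_t max_total_, max_per_sender_;
    std::map<unsigned long, std::string> owner_;  // session id -> opening sender
    std::map<std::string, std::size_t> held_;     // sender -> open session count
    unsigned long next_id_ = 1;
};
```

Rejecting the request before the worker thread is created is what keeps memory and thread use bounded; the per-sender cap keeps one client from filling the global quota.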