CVE-2019-18904

Summary

A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.

Affected Software

VendorProductVersion RangeStatus
SUSESUSE Linux Enterprise High Performance Computing 15-ESPOSrmt-server < 2.5.2-3.26.1affected
SUSESUSE Linux Enterprise High Performance Computing 15-LTSSrmt-server < 2.5.2-3.26.1affected
SUSESUSE Linux Enterprise Module for Public Cloud 15-SP1rmt-server < 2.5.2-3.9.1affected
SUSESUSE Linux Enterprise Module for Server Applications 15rmt-server < 2.5.2-3.26.1affected
SUSESUSE Linux Enterprise Module for Server Applications 15-SP1rmt-server < 2.5.2-3.9.1affected
SUSESUSE Linux Enterprise Server 15-LTSSrmt-server < 2.5.2-3.26.1affected
SUSESUSE Linux Enterprise Server for SAP 15rmt-server < 2.5.2-3.26.1affected
openSUSEopenSUSE Leap 15.1rmt-server < 2.5.2-lp151.2.9.1affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References