CVE-2023-20897

NameCVE-2023-20897
DescriptionSalt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1051504

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
saltsourcebuster(unfixed)end-of-life
saltsource(unstable)(unfixed)1051504

Notes

[buster] - salt <end-of-life> (EOL in buster LTS)
https://saltproject.io/security-announcements/2023-08-10-advisory/
https://github.com/saltstack/salt/issues/64061
Search for package or bug name: Reporting problems