How severe is CVE-2023-29046?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2023-29046?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2023-29046 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.

Related Vulnerabilities

CVE-2012-0049

MEDIUM

CVSS:4.3(Medium)

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

CWE-4002012

CVE-2016-7427

MEDIUM

CVSS:4.3(Medium)

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packe...

CWE-4002016

CVE-2016-7428

MEDIUM

CVSS:4.3(Medium)

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

CWE-4002016

CVE-2018-15325

MEDIUM

CVSS:4.3(Medium)

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands

CWE-4002018

CVE-2019-13011

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template...

CWE-4002019

CVE-2020-13333

MEDIUM

CVSS:4.3(Medium)

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks...

CWE-4002020