How severe is CVE-2023-38505?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-38505?

This is classified as CWE-410, which is a common weakness in software security.

CVE-2023-38505 - HIGH Severity | CVSS 7.5

Vulnerability Description

DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.

Related Vulnerabilities

CVE-2018-13815

HIGH

CVSS:7.5(High)

A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a...

CWE-4102018

CVE-2019-0056

HIGH

CVSS:7.5(High)

This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker t...

CWE-4102019

CVE-2019-13921

HIGH

CVSS:7.5(High)

A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker ...

CWE-4102019

CVE-2022-2048

HIGH

CVSS:7.5(High)

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated...

CWE-4102022

CVE-2022-46679

HIGH

CVSS:7.5(High)

Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial o...

CWE-4102022

CVE-2025-27479

HIGH

CVSS:7.5(High)

Insufficient resource pool in Windows Kerberos allows an unauthorized attacker to deny service over a network.

CWE-4102025