CVE-2020-1722

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
freeipafreeipa
4.0.0 ≤
𝑥
≤ 4.8.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freeipa
bookworm
4.9.11-1
fixed
buster
no-dsa
sid
4.11.1-2.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freeipa
bionic
needs-triage
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
needs-triage
xenial
needs-triage
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ipa-client
RHEL 7
0:4.6.8-5.el7
fixed
ipa-client-common
RHEL 7
0:4.6.8-5.el7
fixed
ipa-common
RHEL 7
0:4.6.8-5.el7
fixed
ipa-python-compat
RHEL 7
0:4.6.8-5.el7
fixed
ipa-server
RHEL 7
0:4.6.8-5.el7
fixed
ipa-server-common
RHEL 7
0:4.6.8-5.el7
fixed
ipa-server-dns
RHEL 7
0:4.6.8-5.el7
fixed
ipa-server-trust-ad
RHEL 7
0:4.6.8-5.el7
fixed
python2-ipaclient
RHEL 7
0:4.6.8-5.el7
fixed
python2-ipalib
RHEL 7
0:4.6.8-5.el7
fixed
python2-ipaserver
RHEL 7
0:4.6.8-5.el7
fixed
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722