CVE-2023-2253
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
| CWE | CWE-475 |
| Vendor | n/a |
| Product | distribution/distribution |
| Published | Jun 6, 2023 |
| Last Updated | Jan 7, 2025 |
Stay Ahead of the Next One
Get instant alerts for n/a distribution/distribution
Be the first to know when new medium vulnerabilities affecting n/a distribution/distribution are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / distribution/distribution
NA