It was found that cockpit before version 184 used glibs base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.
The product does not initialize a critical resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cockpit | Cockpit-project | * | 184 (excluding) |