{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T06:42:53.193","vulnerabilities":[{"cve":{"id":"CVE-2024-1930","sourceIdentifier":"patrick@puiterwijk.org","published":"2024-05-08T02:15:09.503","lastModified":"2025-08-07T17:21:11.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"No Limit on Number of Open Sessions / Bad Session Close Behaviour  in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions.\n\nThere is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service.\n\n"},{"lang":"es","value":"Sin límite en el número de sesiones abiertas / mal comportamiento de cierre de sesión en dnf5daemon-server anterior a 5.1.17 permite que un usuario malintencionado afecte la disponibilidad mediante Sin límite en el número de sesiones abiertas. No hay límite en la cantidad de sesiones que los clientes D-Bus pueden crear usando el método D-Bus `open_session()`. Para cada sesión se crea un hilo en dnf5daemon-server. Esto gasta un par de cientos de megabytes de memoria en el proceso. Será imposible realizar más conexiones, probablemente porque el servicio D-Bus no puede generar más subprocesos."}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rpm-software-management:dnf5:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.17","matchCriteriaId":"011EF61C-CD6B-48B4-8E4B-EC5E3C9841AB"}]}]}],"references":[{"url":"https://www.openwall.com/lists/oss-security/2024/03/04/2","source":"patrick@puiterwijk.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2024/03/04/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]}]}}]}