How severe is CVE-2023-33199?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-33199?

This is classified as CWE-617, which is a common weakness in software security.

CVE-2023-33199 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2017-3138

MEDIUM

CVSS:5.3(Medium)

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regressio...

CWE-6172017

CVE-2018-20217

MEDIUM

CVSS:5.3(Medium)

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4...

CWE-6172018

CVE-2018-5736

MEDIUM

CVSS:5.3(Medium)

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. T...

CWE-6172018

CVE-2019-6468

MEDIUM

CVSS:5.3(Medium)

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling n...

CWE-6172019

CVE-2021-28090

MEDIUM

CVSS:5.3(Medium)

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

CWE-6172021

CVE-2023-37002

MEDIUM

CVSS:5.3(Medium)

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `E-RAB Modification Indication` message ...

CWE-6172023