Candidate: CVE-2019-3804
PublicDate: 2019-03-26 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3804
 https://github.com/cockpit-project/cockpit/pull/10819
 https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12
Description:
 It was found that cockpit before version 184 used glib's base64 decode
 functionality incorrectly resulting in a denial of service attack. An
 unauthenticated attacker could send a specially crafted request with an
 invalid base64-encoded cookie which could cause the web service to crash.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_cockpit:
upstream_cockpit: released (184-1)
precise/esm_cockpit: DNE
trusty_cockpit: DNE
trusty/esm_cockpit: DNE
xenial_cockpit: DNE
bionic_cockpit: needs-triage
cosmic_cockpit: ignored (reached end-of-life)
disco_cockpit: ignored (reached end-of-life)
eoan_cockpit: ignored (reached end-of-life)
focal_cockpit: needs-triage
groovy_cockpit: ignored (reached end-of-life)
hirsute_cockpit: ignored (reached end-of-life)
impish_cockpit: needs-triage
jammy_cockpit: needs-triage
devel_cockpit: needs-triage