7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-9gjg-834p-5gvv

GHSA-9gjg-834p-5gvv: Duplicate Advisory: Keylime's registrar vulnerable to Denial-of-service attack via a single open connection

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-pg75-v6fp-8q59. This link is maintained to preserve external references.

Original Description

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-9gjg-834p-5gvv

GHSA-9gjg-834p-5gvv:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
keylime	pip	< 7.4.0	7.4.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the SSL socket configuration in the 'start' function where 'do_handshake_on_connect=True' (default) caused blocking during SSL handshakes. However, during exploitation, the blocking occurs in the Python 'ssl' module's internal handshake logic rather than within Keylime's application code. The patch introduces a non-blocking handshake handler in 'ProtectedHandler.handle()', but the original vulnerable code path does not contain Keylime-specific functions in the runtime stack during attack execution. The actual resource exhaustion occurs at the SSL/TLS layer (standard library), not in observable application functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-9gjg-834p-5gvv: Duplicate Advisory: Keylime's registrar vulnerable to Denial-of-service attack via a single open connection

Duplicate Advisory

Original Description

GHSA-9gjg-834p-5gvv:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

7.5

7.5

GHSA-9gjg-834p-5gvv: Duplicate Advisory: Keylime's registrar vulnerable to Denial-of-service attack via a single open connection

Duplicate Advisory

Original Description

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI