CVE-2017-14696

Source
Severity Medium
Remote Yes
Type Denial of service
Description
It has been discovered that salt incorrectly handled IDs with null bytes in decoded payloads. A specially crafted authentication request will crash the application while processing.
Group Package Affected Fixed Severity Status Ticket
AVG-438 salt 2017.7.1-1 2017.7.2-1 Medium Fixed
Date Advisory Group Package Severity Description
09 Oct 2017 ASA-201710-12 AVG-438 salt Medium multiple issues
References
https://groups.google.com/forum/#!topic/salt-announce/X8ZiQrZLujA
https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b