Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close


Published: 4 May 2023

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.



Cvss 3 Severity Score


Score breakdown


Package Release Status
Launchpad, Ubuntu, Debian
lunar Needs triage

trusty Ignored
(end of standard support)
upstream Needs triage

xenial Ignored
(end of standard support)
bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Does not exist

mantic Needs triage

Launchpad, Ubuntu, Debian
lunar Does not exist

kinetic Ignored
(end of life, was needs-triage)
bionic Needs triage

focal Needs triage

jammy Needs triage

trusty Needs triage

xenial Needs triage

upstream Not vulnerable
(debian: Limit to Puppet Server 7)
mantic Does not exist

Severity score breakdown

Parameter Value
Base score 5.3
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact Low
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L