Keylime is vulnerable to denial of service. The vulnerability is due to a lack of proper exception handling in the request function of tornado_requests.py, which allows an attacker to crash the application via malicious input.
access.redhat.com/security/cve/cve-2022-3500
github.com/keylime/keylime/commit/f969d397f92962b553f8c5bcbbeeb3bbdeca9456
github.com/keylime/keylime/pull/1128
lists.fedoraproject.org/archives/list/[email protected]/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP/
lists.fedoraproject.org/archives/list/[email protected]/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT/
lists.fedoraproject.org/archives/list/[email protected]/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z/