{"id":"UBUNTU-CVE-2019-3804","details":"It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.","modified":"2025-10-24T04:47:26Z","published":"2019-03-26T18:29:00Z","upstream":["CVE-2019-3804"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-3804"},{"type":"REPORT","url":"https://github.com/cockpit-project/cockpit/pull/10819"},{"type":"REPORT","url":"https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-3804"}],"affected":[{"package":{"name":"cockpit","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/cockpit@164-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["151-1","156-1","157-1","158-1","160-1","161-1","162-1","163-1","164-1"],"ecosystem_specific":{"binaries":[{"binary_version":"164-1","binary_name":"cockpit"},{"binary_version":"164-1","binary_name":"cockpit-bridge"},{"binary_version":"164-1","binary_name":"cockpit-dashboard"},{"binary_version":"164-1","binary_name":"cockpit-docker"},{"binary_version":"164-1","binary_name":"cockpit-machines"},{"binary_version":"164-1","binary_name":"cockpit-networkmanager"},{"binary_version":"164-1","binary_name":"cockpit-packagekit"},{"binary_version":"164-1","binary_name":"cockpit-storaged"},{"binary_version":"164-1","binary_name":"cockpit-system"},{"binary_version":"164-1","binary_name":"cockpit-tests"},{"binary_version":"164-1","binary_name":"cockpit-ws"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-3804.json"}},{"package":{"name":"cockpit","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/cockpit@215-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["202.1-1","204-1","206-1","207-1","208-1","210-1","211-1","212-1","213-1","214.1-1","215-1"],"ecosystem_specific":{"binaries":[{"binary_version":"215-1","binary_name":"cockpit"},{"binary_version":"215-1","binary_name":"cockpit-bridge"},{"binary_version":"215-1","binary_name":"cockpit-dashboard"},{"binary_version":"215-1","binary_name":"cockpit-machines"},{"binary_version":"215-1","binary_name":"cockpit-networkmanager"},{"binary_version":"215-1","binary_name":"cockpit-packagekit"},{"binary_version":"215-1","binary_name":"cockpit-pcp"},{"binary_version":"215-1","binary_name":"cockpit-storaged"},{"binary_version":"215-1","binary_name":"cockpit-system"},{"binary_version":"215-1","binary_name":"cockpit-tests"},{"binary_version":"215-1","binary_name":"cockpit-ws"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-3804.json"}},{"package":{"name":"cockpit","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/cockpit@264-1ubuntu0.22.04.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["252-1","256-1","257-1","258-1","259-1","260-1","261-1","262-1","263-1","264-1","264-1ubuntu0.22.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit"},{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit-bridge"},{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit-networkmanager"},{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit-packagekit"},{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit-pcp"},{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit-sosreport"},{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit-storaged"},{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit-system"},{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit-tests"},{"binary_version":"264-1ubuntu0.22.04.1","binary_name":"cockpit-ws"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-3804.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}