CVE-2018-1041

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Jboss-remoting
Vendor: CVE Published:; 15 February 2018

Summary

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

Affected Version(s)

jboss-remoting since 3.3.10

References

https://www.exploit-db.com/exploits/44099/

exploitx_refsource_EXPLOIT-DB

https://access.redhat.com/errata/RHSA-2018:0269

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2018:0270

vendor-advisoryx_refsource_REDHAT

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2018
Vulnerability Reserved
Dec 4, 2017