Heap exhaustion via deserialization
CVE-2023-3171

7.5HIGH

Key Information:

Vendor: Red Hat
Status: eap; EAP 7.4.13; Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8; Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
Vendor: CVE Published:; 27 December 2023

What is CVE-2023-3171?

A vulnerability exists in EAP-7 related to the deserialization of specific classes. This flaw can allow an attacker to create malicious requests that exploit these classes, leading to resource consumption issues. As a consequence, this could exhaust the heap memory, resulting in a Denial of Service condition where legitimate users are unable to access the application or service.