Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service
CVE-2023-5685

7.5HIGH

Key Information:

Vendor

Red Hat
Status
Eap 7.4.14
Red Hat Build Of Apache Camel 4.4.0 For Spring Boot
Red Hat Jboss Enterprise Application Platform 7.1 Eus For Rhel 7
Red Hat Jboss Enterprise Application Platform 7.3 Eus For Rhel 7
Vendor
CVE Published:
22 March 2024

What is CVE-2023-5685?

A flaw identified in the XNIO NotifierState component allows for a stack overflow exception due to an excessively large chain of notifier states. This vulnerability can lead to uncontrolled resource management, which may result in a denial of service (DoS) condition on systems utilizing the affected versions of XNIO. Administrators should take appropriate precautions to mitigate potential risks associated with this issue.

Affected Version(s)

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 0:3.1.16-3.SP1_redhat_00001.1.ep7.el7

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 0:1.7.6-2.redhat_00003.1.ep7.el7

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 0:1.68.0-1.redhat_00005.1.ep7.el7

References

https://access.redhat.com/errata/RHSA-2023:7637
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7638
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7639
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.