Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service
CVE-2023-5685

7.5 HIGH

What is CVE-2023-5685?

A flaw identified in the XNIO NotifierState component allows for a stack overflow exception due to an excessively large chain of notifier states. This vulnerability can lead to uncontrolled resource management, which may result in a denial of service (DoS) condition on systems utilizing the affected versions of XNIO. Administrators should take appropriate precautions to mitigate potential risks associated with this issue.

Affected Version(s)

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 0:3.1.16-3.SP1_redhat_00001.1.ep7.el7

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 0:1.7.6-2.redhat_00003.1.ep7.el7

Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 0:1.68.0-1.redhat_00005.1.ep7.el7

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
