7.5
CVE-2018-1041
- EPSS 15.81%
- Veröffentlicht 15.02.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:03
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jboss ≫ Jboss-remoting Version3.3.10
Redhat ≫ Jboss Enterprise Application Platform Version6.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 15.81% | 0.965 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
https://access.redhat.com/errata/RHSA-2018:0268
https://access.redhat.com/errata/RHSA-2018:0269
https://access.redhat.com/errata/RHSA-2018:0270
https://access.redhat.com/errata/RHSA-2018:0271
https://access.redhat.com/errata/RHSA-2018:0275
http://www.securitytracker.com/id/1040323
https://bugzilla.redhat.com/show_bug.cgi?id=1530457
https://www.exploit-db.com/exploits/44099/