7.5

CVE-2023-3171

Eap-7: heap exhaustion via deserialization

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatJboss Enterprise Application Platform Version7.4
   RedhatEnterprise Linux Version7.0
   RedhatEnterprise Linux Version8.0
   RedhatEnterprise Linux Version9.0
RedhatJboss Enterprise Application Platform Version- SwEditiontext-only
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.85% 0.534
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

CWE-789 Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

https://access.redhat.com/errata/RHSA-2023:5484
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:5485
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:5486
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:5488
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-3171
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2213639
Issue Tracking