CVE-2023-5685

EPSS 0.38%
Veröffentlicht 22.03.2024 19:15:07
Zuletzt bearbeitet 26.11.2024 03:15:03
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRed Hat

≫

Produkt EAP 7.4.14

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel 4.4.0 for Spring Boot

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:3.1.16-3.SP1_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.7.6-2.redhat_00003.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.68.0-1.redhat_00005.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.4.197-2.redhat_00005.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.0.15-1.Final_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:3.5.10-1.Final_redhat_00001.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:7.1.8-2.GA_redhat_00002.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.7.1-26.redhat_00015.1.ep7.el7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:3.4.10-1.SP1_redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.7.6-8.redhat_00003.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.4.197-3.redhat_00004.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.0.1-4.Final_redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.0.15-1.Final_redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.7.2-12.Final_redhat_00013.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:3.7.13-1.Final_redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:1.2.2-2.Final_redhat_00002.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:7.3.11-4.GA_redhat_00002.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.3.3-2.redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.7.1-38.redhat_00015.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Default Statusaffected

Version < *

Version 0:2.2.3-2.redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.8.11-1.SP1_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:3.8.11-1.SP1_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Default Statusaffected

Version < *

Version 0:3.8.11-1.SP1_redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel for Spring Boot 3

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel - HawtIO 4

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Build of Keycloak

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Data Grid 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Integration Camel K 1

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Data Grid 7

Default Statusunknown

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Fuse Service Works 6

Default Statusunknown

HerstellerRed Hat

≫

Produkt Red Hat Process Automation 7

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7

Default Statusunaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.587

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://access.redhat.com/errata/RHSA-2023:7637

https://access.redhat.com/errata/RHSA-2023:7638

https://access.redhat.com/errata/RHSA-2023:7639

https://access.redhat.com/errata/RHSA-2023:7641

https://access.redhat.com/errata/RHSA-2024:10207

https://access.redhat.com/errata/RHSA-2024:10208

https://access.redhat.com/errata/RHSA-2024:2707

https://access.redhat.com/security/cve/CVE-2023-5685

https://bugzilla.redhat.com/show_bug.cgi?id=2241822

https://nvd.nist.gov/vuln/detail/CVE-2023-5685

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5685

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5685

EUVD