CVE-2024-10270

🗓️ 25 Nov 2024 07:37:04Reported by redhatType

Vulnerability in Keycloak-services package, allowing DoS due to Regex complexit

Reporter	Title	Published	Views	Family All 30
FreeBSD	keycloak -- Multiple security fixes	22 Nov 202400:00	–	freebsd
Chainguard	CVE-2024-10270 vulnerabilities	25 Nov 202408:15	–	cgr
Circl	CVE-2024-10270	22 Nov 202409:53	–	circl
CNNVD	Red Hat Keycloak 安全漏洞	21 Nov 202400:00	–	cnnvd
Cvelist	CVE-2024-10270 Org.keycloak:keycloak-services: keycloak denial of service	25 Nov 202407:37	–	cvelist
EUVD	EUVD-2024-3389	3 Oct 202520:07	–	euvd
Github Security Blog	Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity	25 Nov 202409:30	–	github
Github Security Blog	org.keycloak:keycloak-services has Inefficient Regular Expression Complexity	25 Nov 202418:32	–	github
Tenable Nessus	Keycloak < 24.0.9, 25.0.x < 26.0.6 Multiple Vulnerabilities	5 Dec 202400:00	–	nessus
NVD	CVE-2024-10270	25 Nov 202408:15	–	nvd

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "24.0.9",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "25.0.0",
        "lessThan": "26.0.6",
        "versionType": "semver"
      }
    ],
    "packageName": "keycloak",
    "collectionURL": "https://github.com/keycloak/keycloak",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 24",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rhbk/keycloak-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "24.0.9-1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:build_keycloak:24::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 24",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rhbk/keycloak-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "24-18",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:build_keycloak:24::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 24",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rhbk/keycloak-rhel9-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "24-18",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:build_keycloak:24::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 24.0.9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "org.keycloak/keycloak-services",
    "cpes": [
      "cpe:/a:redhat:build_keycloak:24"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 26.0",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rhbk/keycloak-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "26.0.6-2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:build_keycloak:26.0::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 26.0",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rhbk/keycloak-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "26.0-5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:build_keycloak:26.0::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 26.0",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rhbk/keycloak-rhel9-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "26.0-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:build_keycloak:26.0::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 26.0.6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "org.keycloak/keycloak-services",
    "cpes": [
      "cpe:/a:redhat:build_keycloak:26"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 8",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "org.keycloak/keycloak-services",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "org.keycloak/keycloak-services",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jbosseapxp"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "org.keycloak/keycloak-services",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:10177
github	www.github.com/advisories/GHSA-wq8x-cg39-8mrr
access	www.access.redhat.com/errata/RHSA-2024:10178
access	www.access.redhat.com/errata/RHSA-2024:10175
access	www.access.redhat.com/security/cve/CVE-2024-10270
github	www.github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4
access	www.access.redhat.com/errata/RHSA-2024:10176
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

06 May 2026 17:16Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.5

EPSS0.00124

SSVC

CWE-1333