Lucene search

K
cvelistRedhatCVELIST:CVE-2023-5685
HistoryMar 22, 2024 - 6:24 p.m.

CVE-2023-5685 Xnio: stackoverflowexception when the chain of notifier states becomes problematically big

2024-03-2218:24:42
CWE-400
redhat
www.cve.org
8
xnio
stack overflow
notifierstate
resource management
denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.3%

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "EAP 7.4.14",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Apache Camel 4.4.0 for Spring Boot",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "xnio",
    "cpes": [
      "cpe:/a:redhat:apache-camel-spring-boot:4.4.0"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "eap7-jboss-xnio-base",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.8.11-1.SP1_redhat_00001.1.el8eap",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "eap7-jboss-xnio-base",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.8.11-1.SP1_redhat_00001.1.el9eap",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "eap7-jboss-xnio-base",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:3.8.11-1.SP1_redhat_00001.1.el7eap",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Apache Camel for Spring Boot",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xnio",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:camel_spring_boot:3"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Apache Camel - HawtIO",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xnio",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:rhboac_hawtio:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Build of Keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xnio",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:build_keycloak:"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Data Grid 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xnio",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_data_grid:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Integration Camel K",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xnio",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:integration:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Data Grid 7",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "xnio",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:jboss_data_grid:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 8",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "xnio",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "xnio",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jbosseapxp"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Fuse Service Works 6",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "xnio",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:jboss_fuse_service_works:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Process Automation 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xnio",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xnio",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7"
    ]
  }
]

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.3%