Red Hat advisory RHSA-2023:7612
Published: Nov 30, 2023, 11:35 a.m.

(RHSA-2023:7612) Important: Red Hat build of Quarkus 3.2.9 release and security update

2023-11-30 11:35:16
Source: access.redhat.com
Tags: red hat build, quarkus 3.2.9, security update, cve-2023-39410, cve-2023-43642, apache avro java sdk, snappy-java, denial of service

CVSS3: 9.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.9
Confidence: Low
EPSS: 0.009
Percentile: 82.9%

This release of Red Hat build of Quarkus 3.2.9 includes security updates, bug
fixes, and enhancements.

Security Fix(es):

  • CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [quarkus-3.2]

  • CVE-2023-43642 snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact [quarkus-3.2]

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
