Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:7700
HistoryDec 07, 2023 - 2:24 p.m.

(RHSA-2023:7700) Important: Red Hat build of Quarkus 2.13.9 release and security update

2023-12-0714:24:28
access.redhat.com
14
red hat quarkus
2.13.9
security update
cve
bug fixes
enhancements
apache avro
snappy-java
google guava
netty
sftp server
denial of service
information exposure
out of memory

7.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.0%

JSON

This release of Red Hat build of Quarkus 2.13.9 includes security updates, bug
fixes, and enhancements. For more information, see the release notes page listed
in the References section.

Security Fix(es):

  • CVE-2023-31582 org.bitbucket.b_c/jose4j: jose4j: Insecure iteration count setting [quarkus-2]

  • CVE-2023-39410 org.apache.avro/avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [quarkus-2]

  • CVE-2023-43642 org.xerial.snappy/snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact [quarkus-2]

  • CVE-2023-35887 org.apache.sshd/sshd-common: apache-mina-sshd: information exposure in SFTP server implementations [quarkus-2]

  • CVE-2023-34453 org.xerial.snappy/snappy-java: snappy-java: Integer overflow in shuffle leads to DoS [quarkus-2]

  • CVE-2023-34454 org.xerial.snappy/snappy-java: snappy-java: Integer overflow in compress leads to DoS [quarkus-2]

  • CVE-2023-2976 com.google.guava/guava: guava: insecure temporary directory creation [quarkus-2]

  • CVE-2023-34462 io.netty/netty-handler: netty: SniHandler 16MB allocation leads to OOM [quarkus-2]

  • CVE-2023-34455 org.xerial.snappy/snappy-java: snappy-java: Unchecked chunk length leads to DoS [quarkus-2]

  • CVE-2023-6393 io.quarkus/quarkus-cache: quarkus: Potential invalid reuse of context when @CacheResult on a Uni is used [quarkus-2.13]

Related

ibm 63
redhat 9
github 10
osv 21
cvelist 11
prion 10
atlassian 12
nessus 9
redhatcve 11
ubuntucve 6
cve 11
veracode 9
debiancve 4
cgr 3
cnvd 1
broadcom 1
openvas 1
wolfi 3
gitlab 1
alpinelinux 1
rosalinux 1
redos 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-43642, CVE-2023-34454, CVE-2023-34453, CVE-2023-34455)
2024-03-19 13:26:53
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
2024-01-24 14:15:16
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in snappy-java
2023-11-28 22:41:45
redhat
redhat
(RHSA-2023:7612) Important: Red Hat build of Quarkus 3.2.9 release and security update
2023-11-30 11:35:16
(RHSA-2023:7705) Important: Red Hat Build of Apache Camel for Quarkus 2.13.3 security update (RHBQ 2.13.9.Final)
2023-12-07 15:30:42
(RHSA-2024:0148) Important: Red Hat Integration Camel K 1.10.5 release and security update
2024-01-10 13:28:57
github
github
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
2023-09-25 18:30:18
jose4j uses weak cryptographic algorithm
2023-10-25 18:32:21
snappy-java's Integer Overflow vulnerability in compress leads to DoS
2023-06-15 16:28:08
osv
osv
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
2023-09-25 18:30:18
CVE-2023-31582
2023-10-25 18:17:27
jose4j uses weak cryptographic algorithm
2023-10-25 18:32:21
cvelist
cvelist
CVE-2023-31582
2023-10-24 00:00:00
CVE-2023-34454 snappy-java's Integer Overflow vulnerability in compress leads to DoS
2023-06-15 16:27:45
CVE-2023-43642 Missing upper bound check on chunk length in snappy-java
2023-09-25 19:03:49
prion
prion
Design/Logic Flaw
2023-10-25 18:17:00
Integer overflow
2023-06-15 17:15:00
Design/Logic Flaw
2023-07-10 16:15:00
atlassian
atlassian
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server
2024-02-14 10:46:27
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Jira Software Data Center and Server
2024-02-14 10:46:17
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
2024-01-09 05:46:44
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 (RHSA-2023:7638)
2023-12-04 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 (RHSA-2023:7637)
2023-12-04 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 (RHSA-2023:7639)
2023-12-04 00:00:00
redhatcve
redhatcve
CVE-2023-31582
2023-10-26 18:27:17
CVE-2023-43642
2023-10-02 10:24:58
CVE-2023-34454
2023-08-08 17:21:28
ubuntucve
ubuntucve
CVE-2023-31582
2023-10-25 00:00:00
CVE-2023-43642
2023-09-25 00:00:00
CVE-2023-34455
2023-06-15 00:00:00
cve
cve
CVE-2023-31582
2023-10-25 18:17:27
CVE-2023-34454
2023-06-15 17:15:09
CVE-2023-34453
2023-06-15 17:15:09
veracode
veracode
Weak Cryptography
2023-11-01 05:05:23
Integer Overflow
2023-06-20 02:40:29
Denial Of Service (DoS)
2023-06-20 04:13:38
debiancve
debiancve
CVE-2023-31582
2023-10-25 18:17:27
CVE-2023-43642
2023-09-25 20:15:11
CVE-2023-34462
2023-06-22 23:15:09
cgr
cgr
CVE-2023-43642 vulnerabilities
2024-05-19 03:07:16
CVE-2023-39410 vulnerabilities
2024-05-19 03:07:16
CVE-2023-34462 vulnerabilities
2024-05-19 03:07:16
cnvd
cnvd
Apache MINA Information Disclosure Vulnerability
2023-07-12 00:00:00
broadcom
broadcom
Apache Avro Java SDK vulnerable to Improper Input Validation (CVE-2023-39410)
2024-04-16 00:00:00
openvas
openvas
openSUSE: Security Advisory for netty, netty (SUSE-SU-2023:2974-1)
2024-03-04 00:00:00
wolfi
wolfi
CVE-2023-34462 vulnerabilities
2024-05-29 15:13:11
CVE-2023-43642 vulnerabilities
2024-05-29 15:13:11
CVE-2023-39410 vulnerabilities
2024-05-29 15:13:11
gitlab
gitlab
Deserialization of Untrusted Data
2023-09-29 00:00:00
alpinelinux
alpinelinux
CVE-2023-39410
2023-09-29 17:15:46
rosalinux
rosalinux
Advisory ROSA-SA-2023-2304
2023-12-12 12:18:26
redos
redos
ROS-20240507-03
2024-05-07 00:00:00

7.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.0%

JSON
Related for RHSA-2023:7700
ibm63redhat9github10osv21cvelist11prion10atlassian12nessus9redhatcve11ubuntucve6cve11veracode9debiancve4cgr3cnvd1broadcom1openvas1wolfi3gitlab1alpinelinux1rosalinux1redos1