Lucene search

K
redhatRedHatRHSA-2023:7705
HistoryDec 07, 2023 - 3:30 p.m.

(RHSA-2023:7705) Important: Red Hat Build of Apache Camel for Quarkus 2.13.3 security update (RHBQ 2.13.9.Final)

2023-12-0715:30:42
access.redhat.com
17
red hat build
apache camel
quarkus
cve
security fix
common vulnerability scoring system
oom
json-java
avro
sshd-common
netty
snappy-java
sftp server
information exposure

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

Low

EPSS

0.009

Percentile

82.9%

A security update for Red Hat Build of Apache Camel for Quarkus 2.13.3 is now available (updates to RHBQ 2.13.9.Final). The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Security Fix(es):

  • CVE-2023-5072 JSON-java: parser confusion leads to OOM
  • CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
  • CVE-2023-35887 sshd-common: apache-mina-sshd: information exposure in SFTP server implementations
  • CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM
  • CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

Low

EPSS

0.009

Percentile

82.9%