Lucene search

RedHatRHSA-2023:7705

HistoryDec 07, 2023 - 3:30 p.m.

(RHSA-2023:7705) Important: Red Hat Build of Apache Camel for Quarkus 2.13.3 security update (RHBQ 2.13.9.Final)

2023-12-0715:30:42

access.redhat.com

red hat build

apache camel

quarkus

cve

security fix

common vulnerability scoring system

oom

json-java

avro

sshd-common

netty

snappy-java

sftp server

information exposure

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

65.0%

JSON

A security update for Red Hat Build of Apache Camel for Quarkus 2.13.3 is now available (updates to RHBQ 2.13.9.Final). The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Security Fix(es):

CVE-2023-5072 JSON-java: parser confusion leads to OOM
CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
CVE-2023-35887 sshd-common: apache-mina-sshd: information exposure in SFTP server implementations
CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM
CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS