Lucene search

K
redhatRedHatRHSA-2024:0148
HistoryJan 10, 2024 - 1:28 p.m.

(RHSA-2024:0148) Important: Red Hat Integration Camel K 1.10.5 release and security update

2024-01-1013:28:57
access.redhat.com
19
red hat integration
camel k
security update
multiple vulnerabilities
cve-2023-5072
cve-2023-34455
cve-2023-34462

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

46.1%

A security update for Camel K 1.10.5 is now available.

The purpose of this text-only errata is to inform you about the security issues fixed.

Security Fix(es):

  • JSON-java: parser confusion leads to OOM [rhint-camel-k-1.10] (CVE-2023-5072)

  • Snappy-java: Unchecked chunk length leads to DoS [rhint-camel-k-1] (CVE-2023-34455)

  • Netty: SniHandler 16MB allocation leads to OOM [rhint-camel-k-1] (CVE-2023-34462)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE moderatepage(s) listed in the References section.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

46.1%