CVE-2023-5685
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 0:3.1.16-3.SP1_redhat_00001.1.ep7.el7 < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 0:1.7.6-2.redhat_00003.1.ep7.el7 < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 0:1.68.0-1.redhat_00005.1.ep7.el7 < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 0:1.4.197-2.redhat_00005.1.ep7.el7 < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7 < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 0:2.0.15-1.Final_redhat_00001.1.ep7.el7 < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 0:3.5.10-1.Final_redhat_00001.1.ep7.el7 < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 0:7.1.8-2.GA_redhat_00002.1.ep7.el7 < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | 0:2.7.1-26.redhat_00015.1.ep7.el7 < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:3.4.10-1.SP1_redhat_00001.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:1.7.6-8.redhat_00003.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:1.4.197-3.redhat_00004.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:2.0.1-4.Final_redhat_00001.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:2.0.15-1.Final_redhat_00001.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:1.7.2-12.Final_redhat_00013.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:3.7.13-1.Final_redhat_00001.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:1.2.2-2.Final_redhat_00002.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:7.3.11-4.GA_redhat_00002.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:2.3.3-2.redhat_00001.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:2.7.1-38.redhat_00015.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:2.2.3-2.redhat_00001.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:3.8.11-1.SP1_redhat_00001.1.el8eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | 0:3.8.11-1.SP1_redhat_00001.1.el9eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | 0:3.8.11-1.SP1_redhat_00001.1.el7eap < * | unaffected |
Weaknesses
- CWE-400: Uncontrolled Resource Consumption
Workarounds
There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2023:7637
- https://access.redhat.com/errata/RHSA-2023:7638
- https://access.redhat.com/errata/RHSA-2023:7639
- https://access.redhat.com/errata/RHSA-2023:7641
- https://access.redhat.com/errata/RHSA-2024:2707
- https://access.redhat.com/security/cve/CVE-2023-5685
- https://bugzilla.redhat.com/show_bug.cgi?id=2241822
References
- https://access.redhat.com/errata/RHSA-2023:7637
- https://access.redhat.com/errata/RHSA-2023:7638
- https://access.redhat.com/errata/RHSA-2023:7639
- https://access.redhat.com/errata/RHSA-2023:7641
- https://access.redhat.com/errata/RHSA-2024:10207
- https://access.redhat.com/errata/RHSA-2024:10208
- https://access.redhat.com/errata/RHSA-2024:2707
- https://access.redhat.com/security/cve/CVE-2023-5685
- https://bugzilla.redhat.com/show_bug.cgi?id=2241822
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.