CVE-2023-5685

Summary

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:3.1.16-3.SP1_redhat_00001.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:1.7.6-2.redhat_00003.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:1.68.0-1.redhat_00005.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:1.4.197-2.redhat_00005.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:2.0.15-1.Final_redhat_00001.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:3.5.10-1.Final_redhat_00001.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:7.1.8-2.GA_redhat_00002.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:2.7.1-26.redhat_00015.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:3.4.10-1.SP1_redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:1.7.6-8.redhat_00003.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:1.4.197-3.redhat_00004.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:2.0.1-4.Final_redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:2.0.15-1.Final_redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:1.7.2-12.Final_redhat_00013.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:3.7.13-1.Final_redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:1.2.2-2.Final_redhat_00002.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:7.3.11-4.GA_redhat_00002.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:2.3.3-2.redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:2.7.1-38.redhat_00015.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:2.2.3-2.redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:3.8.11-1.SP1_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 90:3.8.11-1.SP1_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 70:3.8.11-1.SP1_redhat_00001.1.el7eap < *unaffected

Weaknesses

  • CWE-400: Uncontrolled Resource Consumption

Workarounds

There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References