CVE-2024-10270

Summary

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

Affected Software

VendorProductVersion RangeStatus
0 < 24.0.9affected
25.0.0 < 26.0.6affected
Red HatRed Hat build of Keycloak 2424.0.9-1 < *unaffected
Red HatRed Hat build of Keycloak 2424-18 < *unaffected
Red HatRed Hat build of Keycloak 2424-18 < *unaffected
Red HatRed Hat build of Keycloak 26.026.0.6-2 < *unaffected
Red HatRed Hat build of Keycloak 26.026.0-5 < *unaffected
Red HatRed Hat build of Keycloak 26.026.0-6 < *unaffected

Weaknesses

  • CWE-1333: Inefficient Regular Expression Complexity

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References