A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00474.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Red Hat Red Hat build of Apache Camel 4.4.0 for Spring Boot unaffected
Red Hat Red Hat JBoss Enterprise Application Platform 7 unaffected
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 affected
Version Status Constraints
0:3.1.16-3.SP1_redhat_00001.1.ep7.el7 unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 affected
Version Status Constraints
0:1.7.6-2.redhat_00003.1.ep7.el7 unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 affected
Version Status Constraints
0:1.68.0-1.redhat_00005.1.ep7.el7 unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 affected
Version Status Constraints
0:1.4.197-2.redhat_00005.1.ep7.el7 unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 affected
Version Status Constraints
0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7 unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 affected
Version Status Constraints
0:2.0.15-1.Final_redhat_00001.1.ep7.el7 unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 affected
Version Status Constraints
0:3.5.10-1.Final_redhat_00001.1.ep7.el7 unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 affected
Version Status Constraints
0:7.1.8-2.GA_redhat_00002.1.ep7.el7 unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 affected
Version Status Constraints
0:2.7.1-26.redhat_00015.1.ep7.el7 unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:3.4.10-1.SP1_redhat_00001.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:1.7.6-8.redhat_00003.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:1.4.197-3.redhat_00004.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:2.0.1-4.Final_redhat_00001.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:2.0.15-1.Final_redhat_00001.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:1.7.2-12.Final_redhat_00013.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:3.7.13-1.Final_redhat_00001.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:1.2.2-2.Final_redhat_00002.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:7.3.11-4.GA_redhat_00002.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:2.3.3-2.redhat_00001.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:2.7.1-38.redhat_00015.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 affected
Version Status Constraints
0:2.2.3-2.redhat_00001.1.el7eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 affected
Version Status Constraints
0:3.8.11-1.SP1_redhat_00001.1.el8eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 affected
Version Status Constraints
0:3.8.11-1.SP1_redhat_00001.1.el9eap unaffected < *
Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 affected
Version Status Constraints
0:3.8.11-1.SP1_redhat_00001.1.el7eap unaffected < *
Red Hat Red Hat build of Apache Camel for Spring Boot 3 unaffected
Red Hat Red Hat build of Apache Camel - HawtIO 4 affected
Red Hat Red Hat Build of Keycloak unaffected
Red Hat Red Hat Data Grid 8 unaffected
Red Hat Red Hat Integration Camel K 1 affected
Red Hat Red Hat JBoss Data Grid 7 unknown
Red Hat Red Hat JBoss Enterprise Application Platform 8 unaffected
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack unaffected
Red Hat Red Hat JBoss Fuse Service Works 6 unknown
Red Hat Red Hat Process Automation 7 affected
Red Hat Red Hat Single Sign-On 7 unaffected

No data.

Package CPE Advisory Released Date
EAP 7.4.14
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 RHSA-2023:7641 2023-12-04T00:00:00Z
Red Hat build of Apache Camel 4.4.0 for Spring Boot
xnio cpe:/a:redhat:apache-camel-spring-boot:4.4.0 RHSA-2024:2707 2024-05-06T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:10208 2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:10208 2024-11-25T00:00:00Z
eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:10208 2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:10208 2024-11-25T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:10208 2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:10208 2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:10208 2024-11-25T00:00:00Z
eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:10208 2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 RHSA-2024:10208 2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 RHSA-2024:10207 2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2023:7638 2023-12-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2023:7639 2023-12-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2023:7637 2023-12-04T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Redhat Subscribe
Apache-camel-spring-boot Subscribe
Apache Camel Hawtio Subscribe
Build Keycloak Subscribe
Camel Spring Boot Subscribe
Integration Subscribe
Jboss Data Grid Subscribe
Jboss Enterprise Application Platform Subscribe
Jboss Enterprise Application Platform Eus Subscribe
Jboss Enterprise Bpms Platform Subscribe
Jboss Fuse Service Works Subscribe
Jbosseapxp Subscribe
Red Hat Single Sign On Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2024-0858 A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
Github GHSA Github GHSA GHSA-7f88-5hhx-67m2 XNIO denial of service vulnerability
Fixes

Solution

No solution given by the vendor.

Workaround

There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.

References
Link Providers
https://access.redhat.com/errata/RHSA-2023:7637 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7638 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7639 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7641 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10207 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10208 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:2707 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-5685 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2241822 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-5685 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-5685 cve-icon
History

Wed, 18 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat apache Camel Hawtio
CPEs cpe:/a:redhat:rhboac_hawtio:4 cpe:/a:redhat:apache_camel_hawtio:4
Vendors & Products Redhat rhboac Hawtio
Redhat apache Camel Hawtio

Tue, 26 Nov 2024 03:15:00 +0000

Type Values Removed Values Added
References

Mon, 25 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

Thu, 19 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Sep 2024 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:build_keycloak:22 cpe:/a:redhat:build_keycloak:

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-11-07T20:35:23.047Z

Reserved: 2023-10-20T15:39:55.570Z

Link: CVE-2023-5685

cve-icon Vulnrichment

Updated: 2024-08-02T08:07:32.397Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-22T19:15:07.983

Modified: 2024-11-26T03:15:03.853

Link: CVE-2023-5685

cve-icon Redhat

Severity : Important

Publid Date: 2024-03-05T00:00:00Z

Links: CVE-2023-5685 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses