CVE-2023-5685 - Vulnerability Details

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Redhat	Apache-camel-spring-boot Build Keycloak Camel Spring Boot Integration Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus Jboss Enterprise Bpms Platform Jboss Fuse Service Works Jbosseapxp Red Hat Single Sign On Rhboac Hawtio

No data.

Package	CPE	Advisory	Released Date
EAP 7.4.14
	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:7641	2023-12-04T00:00:00Z
Red Hat build of Apache Camel 4.4.0 for Spring Boot
xnio	cpe:/a:redhat:apache-camel-spring-boot:4.4.0	RHSA-2024:2707	2024-05-06T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:7638	2023-12-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:7639	2023-12-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:7637	2023-12-04T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7637
https://access.redhat.com/errata/RHSA-2023:7638
https://access.redhat.com/errata/RHSA-2023:7639
https://access.redhat.com/errata/RHSA-2023:7641
https://access.redhat.com/errata/RHSA-2024:10207
https://access.redhat.com/errata/RHSA-2024:10208
https://access.redhat.com/errata/RHSA-2024:2707
https://access.redhat.com/security/cve/CVE-2023-5685
https://bugzilla.redhat.com/show_bug.cgi?id=2241822
https://nvd.nist.gov/vuln/detail/CVE-2023-5685
https://www.cve.org/CVERecord?id=CVE-2023-5685

History

Tue, 26 Nov 2024 03:15:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2024:10207 https://access.redhat.com/errata/RHSA-2024:10208

Mon, 25 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

Thu, 19 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Sep 2024 08:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:build_keycloak:22~~	cpe:/a:redhat:build_keycloak:

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-03-22T18:24:42.696Z

Updated: 2025-02-27T02:24:08.225Z

Reserved: 2023-10-20T15:39:55.570Z

Link: CVE-2023-5685

Vulnrichment

Updated: 2024-08-02T08:07:32.397Z

NVD

Status : Awaiting Analysis

Published: 2024-03-22T19:15:07.983

Modified: 2024-11-26T03:15:03.853

Link: CVE-2023-5685

Redhat

Severity : Important

Publid Date: 2024-03-05T00:00:00Z

Links: CVE-2023-5685 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5685", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-10-20T15:39:55.570Z", "datePublished": "2024-03-22T18:24:42.696Z", "dateUpdated": "2025-02-27T02:24:08.225Z"}, "containers": {"cna": {"title": "Xnio: stackoverflowexception when the chain of notifier states becomes problematically big", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS)."}], "affected": [{"vendor": "Red Hat", "product": "EAP 7.4.14", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel 4.4.0 for Spring Boot", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "xnio", "cpes": ["cpe:/a:redhat:apache-camel-spring-boot:4.4.0"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-apache-cxf", "defaultStatus": "affected", "versions": [{"version": "0:3.1.16-3.SP1_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-avro", "defaultStatus": "affected", "versions": [{"version": "0:1.7.6-2.redhat_00003.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-bouncycastle", "defaultStatus": "affected", "versions": [{"version": "0:1.68.0-1.redhat_00005.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-h2database", "defaultStatus": "affected", "versions": [{"version": "0:1.4.197-2.redhat_00005.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jackson-databind", "defaultStatus": "affected", "versions": [{"version": "0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-marshalling", "defaultStatus": "affected", "versions": [{"version": "0:2.0.15-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-xnio-base", "defaultStatus": "affected", "versions": [{"version": "0:3.5.10-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [{"version": "0:7.1.8-2.GA_redhat_00002.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-xalan-j2", "defaultStatus": "affected", "versions": [{"version": "0:2.7.1-26.redhat_00015.1.ep7.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-apache-cxf", "defaultStatus": "affected", "versions": [{"version": "0:3.4.10-1.SP1_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-avro", "defaultStatus": "affected", "versions": [{"version": "0:1.7.6-8.redhat_00003.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-h2database", "defaultStatus": "affected", "versions": [{"version": "0:1.4.197-3.redhat_00004.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-annotations-api_1.3_spec", "defaultStatus": "affected", "versions": [{"version": "0:2.0.1-4.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-marshalling", "defaultStatus": "affected", "versions": [{"version": "0:2.0.15-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-server-migration", "defaultStatus": "affected", "versions": [{"version": "0:1.7.2-12.Final_redhat_00013.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-xnio-base", "defaultStatus": "affected", "versions": [{"version": "0:3.7.13-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-log4j-jboss-logmanager", "defaultStatus": "affected", "versions": [{"version": "0:1.2.2-2.Final_redhat_00002.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wildfly", "defaultStatus": "affected", "versions": [{"version": "0:7.3.11-4.GA_redhat_00002.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-wss4j", "defaultStatus": "affected", "versions": [{"version": "0:2.3.3-2.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-xalan-j2", "defaultStatus": "affected", "versions": [{"version": "0:2.7.1-38.redhat_00015.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-xml-security", "defaultStatus": "affected", "versions": [{"version": "0:2.2.3-2.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-xnio-base", "defaultStatus": "affected", "versions": [{"version": "0:3.8.11-1.SP1_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-xnio-base", "defaultStatus": "affected", "versions": [{"version": "0:3.8.11-1.SP1_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "eap7-jboss-xnio-base", "defaultStatus": "affected", "versions": [{"version": "0:3.8.11-1.SP1_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xnio", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:camel_spring_boot:3"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel - HawtIO", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xnio", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:rhboac_hawtio:4"]}, {"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xnio", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:build_keycloak:"]}, {"vendor": "Red Hat", "product": "Red Hat Data Grid 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xnio", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_data_grid:8"]}, {"vendor": "Red Hat", "product": "Red Hat Integration Camel K", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xnio", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:integration:1"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "xnio", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_data_grid:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "xnio", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "xnio", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jbosseapxp"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Fuse Service Works 6", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "xnio", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:jboss_fuse_service_works:6"]}, {"vendor": "Red Hat", "product": "Red Hat Process Automation 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xnio", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]}, {"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xnio", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7637", "name": "RHSA-2023:7637", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7638", "name": "RHSA-2023:7638", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7639", "name": "RHSA-2023:7639", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7641", "name": "RHSA-2023:7641", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:10207", "name": "RHSA-2024:10207", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:10208", "name": "RHSA-2024:10208", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2707", "name": "RHSA-2024:2707", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5685", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", "name": "RHBZ#2241822", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-03-05T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption", "workarounds": [{"lang": "en", "value": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available."}], "timeline": [{"lang": "en", "time": "2023-10-02T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-03-05T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-27T02:24:08.225Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5685", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T16:12:35.889624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:42.677Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:32.397Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7637", "name": "RHSA-2023:7637", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7638", "name": "RHSA-2023:7638", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7639", "name": "RHSA-2023:7639", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7641", "name": "RHSA-2023:7641", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2707", "name": "RHSA-2024:2707", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5685", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", "name": "RHBZ#2241822", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7637", "name": "RHSA-2023:7637", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7638", "name": "RHSA-2023:7638", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7639", "name": "RHSA-2023:7639", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7641", "name": "RHSA-2023:7641", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2707", "name": "RHSA-2024:2707", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5685", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", "name": "RHBZ#2241822", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:32.397Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5685", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T16:12:35.889624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T16:35:56.331Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Xnio: stackoverflowexception when the chain of notifier states becomes problematically big", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"], "vendor": "Red Hat", "product": "EAP 7.4.14", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:apache-camel-spring-boot:4.4.0"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel 4.4.0 for Spring Boot", "packageName": "xnio", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.1.16-3.SP1_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-apache-cxf", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.7.6-2.redhat_00003.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-avro", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.68.0-1.redhat_00005.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-bouncycastle", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.4.197-2.redhat_00005.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-h2database", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jackson-databind", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.0.15-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-marshalling", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.5.10-1.Final_redhat_00001.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-xnio-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:7.1.8-2.GA_redhat_00002.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.7.1-26.redhat_00015.1.ep7.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-xalan-j2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.4.10-1.SP1_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-apache-cxf", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.7.6-8.redhat_00003.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-avro", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.4.197-3.redhat_00004.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-h2database", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.0.1-4.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-annotations-api_1.3_spec", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.0.15-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-marshalling", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.7.2-12.Final_redhat_00013.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-server-migration", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.7.13-1.Final_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-xnio-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:1.2.2-2.Final_redhat_00002.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-log4j-jboss-logmanager", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:7.3.11-4.GA_redhat_00002.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wildfly", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.3.3-2.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-wss4j", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.7.1-38.redhat_00015.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-xalan-j2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "versions": [{"status": "unaffected", "version": "0:2.2.3-2.redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-xml-security", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:3.8.11-1.SP1_redhat_00001.1.el8eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-xnio-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:3.8.11-1.SP1_redhat_00001.1.el9eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-xnio-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "versions": [{"status": "unaffected", "version": "0:3.8.11-1.SP1_redhat_00001.1.el7eap", "lessThan": "*", "versionType": "rpm"}], "packageName": "eap7-jboss-xnio-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:camel_spring_boot:3"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot 3", "packageName": "xnio", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:rhboac_hawtio:4"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel - HawtIO", "packageName": "xnio", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:"], "vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "packageName": "xnio", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "packageName": "xnio", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:integration:1"], "vendor": "Red Hat", "product": "Red Hat Integration Camel K", "packageName": "xnio", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "packageName": "xnio", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "packageName": "xnio", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jbosseapxp"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "packageName": "xnio", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_fuse_service_works:6"], "vendor": "Red Hat", "product": "Red Hat JBoss Fuse Service Works 6", "packageName": "xnio", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unknown"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"], "vendor": "Red Hat", "product": "Red Hat Process Automation 7", "packageName": "xnio", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"], "vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "packageName": "xnio", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2023-10-02T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-03-05T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-03-05T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7637", "name": "RHSA-2023:7637", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7638", "name": "RHSA-2023:7638", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7639", "name": "RHSA-2023:7639", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7641", "name": "RHSA-2023:7641", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:10207", "name": "RHSA-2024:10207", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:10208", "name": "RHSA-2024:10208", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2707", "name": "RHSA-2024:2707", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5685", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822", "name": "RHBZ#2241822", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available."}], "descriptions": [{"lang": "en", "value": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-26T02:49:43.255Z"}, "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"}}, "cveMetadata": {"cveId": "CVE-2023-5685", "state": "PUBLISHED", "dateUpdated": "2024-11-26T02:49:43.255Z", "dateReserved": "2023-10-20T15:39:55.570Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-03-22T18:24:42.696Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS)."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en XNIO. El XNIO NotifierState que puede provocar una excepci\u00f3n de desbordamiento de pila cuando la cadena de estados de notificador se vuelve problem\u00e1ticamente grande puede provocar una gesti\u00f3n descontrolada de recursos y una posible denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2023-5685", "lastModified": "2024-11-26T03:15:03.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-03-22T19:15:07.983", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7637"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7638"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7639"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7641"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:10207"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:10208"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2707"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2023-5685"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7638"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7641"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2707"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2023-5685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7641", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "product_name": "EAP 7.4.14", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2024:2707", "cpe": "cpe:/a:redhat:apache-camel-spring-boot:4.4.0", "package": "xnio", "product_name": "Red Hat build of Apache Camel 4.4.0 for Spring Boot", "release_date": "2024-05-06T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2024:10207", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2023:7638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2023:7639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-12-04T00:00:00Z"}, {"advisory": "RHSA-2023:7637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-12-04T00:00:00Z"}], "bugzilla": {"description": "xnio: StackOverflowException when the chain of notifier states becomes problematically big", "id": "2241822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS)."], "mitigation": {"lang": "en:us", "value": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available."}, "name": "CVE-2023-5685", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Not affected", "impact": "moderate", "package_name": "xnio", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:rhboac_hawtio:4", "fix_state": "Will not fix", "impact": "moderate", "package_name": "xnio", "product_name": "Red Hat build of Apache Camel - HawtIO"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "xnio", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "xnio", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "impact": "moderate", "package_name": "xnio", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "xnio", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "xnio", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "xnio", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "xnio", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Affected", "package_name": "xnio", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Affected", "package_name": "xnio", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2024-03-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5685\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5685"], "statement": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.", "threat_severity": "Important", "upstream_fix": "xnio 3.8.14, xnio 3.8.12.SP1, xnio 3.8.11.SP1"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object