CVE-2022-0084 - Vulnerability Details

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Integration Camel K Integration Camel Quarkus Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus Jboss Fuse Red Hat Single Sign On Single Sign-on Xnio

Configuration 1 [-]

OR	cpe:2.3:a:redhat:integration_camel_k:-:::::::*
	cpe:2.3:a:redhat:integration_camel_quarkus:-:::::::*
	cpe:2.3:a:redhat:single_sign-on:7.0:::::::*
	cpe:2.3:a:redhat:xnio::::::::

Package	CPE	Advisory	Released Date
Red Hat Data Grid 8.3.1
xnio	cpe:/a:redhat:jboss_data_grid:8	RHSA-2022:2232	2022-05-12T00:00:00Z
Red Hat Fuse 7.11
xnio	cpe:/a:redhat:jboss_fuse:7	RHSA-2022:5532	2022-07-07T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
xnio	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2022:4922	2022-06-06T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:4226	2025-04-28T00:00:00Z
eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:4226	2025-04-28T00:00:00Z
eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:4226	2025-04-28T00:00:00Z
eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:4226	2025-04-28T00:00:00Z
eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:4226	2025-04-28T00:00:00Z
eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:4226	2025-04-28T00:00:00Z
eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:4226	2025-04-28T00:00:00Z
eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:4226	2025-04-28T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:4437	2025-05-05T00:00:00Z
eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:4437	2025-05-05T00:00:00Z
eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:4437	2025-05-05T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:4437	2025-05-05T00:00:00Z
eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:4437	2025-05-05T00:00:00Z
eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:4437	2025-05-05T00:00:00Z
eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2025:4437	2025-05-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2022:4919	2022-06-06T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2022:4918	2022-06-06T00:00:00Z
Red Hat Single Sign-On 7
xnio	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2022:6787	2022-10-04T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 7
rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el7	RHSA-2022:6782	2022-10-04T00:00:00Z
Red Hat Single Sign-On 7.5 for RHEL 8
rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.5::el8	RHSA-2022:6783	2022-10-04T00:00:00Z
Red Hat Single Sign-On 7.6.1
xnio	cpe:/a:redhat:red_hat_single_sign_on:7.6.1	RHSA-2022:7417	2022-11-03T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2022:7409	2022-11-03T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2022:7410	2022-11-03T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-0:1-5.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2022:7411	2022-11-03T00:00:00Z
rh-sso7-javapackages-tools-0:6.0.0-7.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2022:7411	2022-11-03T00:00:00Z
rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2022:7411	2022-11-03T00:00:00Z

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2022-0084
https://bugzilla.redhat.com/show_bug.cgi?id=2064226
https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12
https://github.com/xnio/xnio/pull/291
https://nvd.nist.gov/vuln/detail/CVE-2022-0084
https://www.cve.org/CVERecord?id=CVE-2022-0084

History

Mon, 05 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7

Mon, 28 Apr 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-26T17:25:46

Updated: 2024-08-02T23:18:41.681Z

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-0084

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-26T18:15:08.487

Modified: 2024-11-21T06:37:52.790

Link: CVE-2022-0084

Redhat

Severity : Moderate

Publid Date: 2022-03-15T00:00:00Z

Links: CVE-2022-0084 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "xnio", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in v3.x"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 - Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-26T17:25:46", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2022-0084"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/xnio/xnio/pull/291"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.681Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-0084"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xnio/xnio/pull/291"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0084", "datePublished": "2022-08-26T17:25:46", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-08-02T23:18:41.681Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*", "matchCriteriaId": "F039C746-2001-4EE5-835F-49607A94F12B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BE22D4E-4636-47CF-87B1-D97AB30A885B", "versionEndExcluding": "3.8.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up."}, {"lang": "es", "value": "Se ha encontrado un fallo en XNIO, concretamente en el m\u00e9todo notifyReadClosed. El problema revel\u00f3 que este m\u00e9todo estaba registrando un mensaje a otro extremo esperado. Este fallo permite a un atacante enviar peticiones defectuosas a un servidor, causando posiblemente problemas de rendimiento relacionados con la contenci\u00f3n de registros o un llenado de disco no deseado."}], "id": "CVE-2022-0084", "lastModified": "2024-11-21T06:37:52.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-26T18:15:08.487", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-0084"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xnio/xnio/pull/291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-0084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xnio/xnio/pull/291"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:2232", "cpe": "cpe:/a:redhat:jboss_data_grid:8", "package": "xnio", "product_name": "Red Hat Data Grid 8.3.1", "release_date": "2022-05-12T00:00:00Z"}, {"advisory": "RHSA-2022:5532", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "xnio", "product_name": "Red Hat Fuse 7.11", "release_date": "2022-07-07T00:00:00Z"}, {"advisory": "RHSA-2022:4922", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package": "xnio", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2022-06-06T00:00:00Z"}, {"advisory": "RHSA-2025:4226", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-04-28T00:00:00Z"}, {"advisory": "RHSA-2025:4226", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-04-28T00:00:00Z"}, {"advisory": "RHSA-2025:4226", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-04-28T00:00:00Z"}, {"advisory": "RHSA-2025:4226", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-04-28T00:00:00Z"}, {"advisory": "RHSA-2025:4226", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-04-28T00:00:00Z"}, {"advisory": "RHSA-2025:4226", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-04-28T00:00:00Z"}, {"advisory": "RHSA-2025:4226", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-04-28T00:00:00Z"}, {"advisory": "RHSA-2025:4226", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2025-04-28T00:00:00Z"}, {"advisory": "RHSA-2025:4437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4437", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2022:4919", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2022-06-06T00:00:00Z"}, {"advisory": "RHSA-2022:4918", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2022-06-06T00:00:00Z"}, {"advisory": "RHSA-2022:6787", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "package": "xnio", "product_name": "Red Hat Single Sign-On 7", "release_date": "2022-10-04T00:00:00Z"}, {"advisory": "RHSA-2022:6782", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "package": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date": "2022-10-04T00:00:00Z"}, {"advisory": "RHSA-2022:6783", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "package": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date": "2022-10-04T00:00:00Z"}, {"advisory": "RHSA-2022:7417", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1", "package": "xnio", "product_name": "Red Hat Single Sign-On 7.6.1", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7409", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7410", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7411", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-0:1-5.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7411", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2022-11-03T00:00:00Z"}, {"advisory": "RHSA-2022:7411", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2022-11-03T00:00:00Z"}], "bugzilla": {"description": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "id": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up."], "name": "CVE-2022-0084", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "xnio", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "xnio", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Will not fix", "package_name": "xnio", "product_name": "Red Hat Integration Camel Quarkus 1"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Out of support scope", "package_name": "xnio", "product_name": "Red Hat Integration Data Virtualisation Operator"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "xnio", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "xnio", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "jbossas-modules-eap", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "jboss-on", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "jboss-xnio-base", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-sso7_2-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-sso7_3-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-sso7_4-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-sso7_5-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "xnio", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "xnio", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "xnio", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "xnio", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "package_name": "org.jboss.on-jboss-on-parent", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "xnio", "product_name": "Red Hat Process Automation 7"}], "public_date": "2022-03-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0084\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0084"], "statement": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object