CVE-2023-5685 - Vulnerability Details

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Redhat	Apache-camel-spring-boot Build Keycloak Camel Spring Boot Integration Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus Jboss Enterprise Bpms Platform Jboss Fuse Service Works Jbosseapxp Red Hat Single Sign On Rhboac Hawtio

No data.

Package	CPE	Advisory	Released Date
EAP 7.4.14
	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:7641	2023-12-04T00:00:00Z
Red Hat build of Apache Camel 4.4.0 for Spring Boot
xnio	cpe:/a:redhat:apache-camel-spring-boot:4.4.0	RHSA-2024:2707	2024-05-06T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7	RHSA-2024:10207	2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:7638	2023-12-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:7639	2023-12-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:7637	2023-12-04T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7637
https://access.redhat.com/errata/RHSA-2023:7638
https://access.redhat.com/errata/RHSA-2023:7639
https://access.redhat.com/errata/RHSA-2023:7641
https://access.redhat.com/errata/RHSA-2024:10207
https://access.redhat.com/errata/RHSA-2024:10208
https://access.redhat.com/errata/RHSA-2024:2707
https://access.redhat.com/security/cve/CVE-2023-5685
https://bugzilla.redhat.com/show_bug.cgi?id=2241822
https://nvd.nist.gov/vuln/detail/CVE-2023-5685
https://www.cve.org/CVERecord?id=CVE-2023-5685

History

Tue, 26 Nov 2024 03:15:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2024:10207 https://access.redhat.com/errata/RHSA-2024:10208

Mon, 25 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

Thu, 19 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Sep 2024 08:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:build_keycloak:22~~	cpe:/a:redhat:build_keycloak:

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-03-22T18:24:42.696Z

Updated: 2024-11-26T02:49:43.255Z

Reserved: 2023-10-20T15:39:55.570Z

Link: CVE-2023-5685

Vulnrichment

Updated: 2024-08-02T08:07:32.397Z

NVD

Status : Awaiting Analysis

Published: 2024-03-22T19:15:07.983

Modified: 2024-11-26T03:15:03.853

Link: CVE-2023-5685

Redhat

Severity : Important

Publid Date: 2024-03-05T00:00:00Z

Links: CVE-2023-5685 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object