CVE-2023-3171: Eap-7: heap exhaustion via deserialization
First published: Thu Jun 08 2023(Updated: )
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| =7.4 | ||
| Any of | ||
| =7.0 | ||
| =8.0 | ||
| =9.0 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3171
- agent/weakness
- agent/references
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/title
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/7.4
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0