First published: Tue Apr 18 2023
This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.10.

Security Fix(es):

- protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)
- protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)
- WildFly: possible information disclosure (CVE-2022-1278)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform | | |
| Red Hat JBoss EAP | | |

The severity of RHSA-2023:1855 is classified as important due to the critical nature of the vulnerabilities addressed.
To fix RHSA-2023:1855, apply the cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime distribution available from Red Hat.
RHSA-2023:1855 addresses vulnerabilities related to protobuf-java, including DoS issues from Textformat parsing and Message-Type Extensions.
RHSA-2023:1855 affects the JBoss EAP 7.4.10 runtime distribution.
As of now, there are no known exploits publicly reported for the vulnerabilities addressed in RHSA-2023:1855.