CVE-2011-4610

CWE-119 — Buffer Overflow5 documents5 sources

Severity

5.0MEDIUM

EPSS

1.5%

top 18.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Communications Platform Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise Brms Platform +1 more

Timeline

PublishedFeb 10

Latest updateMay 17

Description

JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDredhat/jboss_enterprise_application_platform5.1.2

▶NVDredhat/jboss_enterprise_web_platform5.1.2

▶NVDredhat/jboss_enterprise_brms_platform5.1.0

▶NVDredhat/jboss_communications_platform5.1

🔴Vulnerability Details

GHSA

GHSA-hh9c-c3q8-gv72: JBoss Web, as used in Red Hat JBoss Communications Platform before 5↗2022-05-17

▶

CVEList

CVE-2011-4610: JBoss Web, as used in Red Hat JBoss Communications Platform before 5↗2014-02-10

▶

📋Vendor Advisories

Red Hat

JBoss Web remote denial of service when surrogate pair character is placed at buffer boundary↗2012-01-31

▶

💬Community

Bugzilla

CVE-2011-4610 JBoss Web remote denial of service when surrogate pair character is placed at buffer boundary↗2011-12-15

▶