Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1041 — Infinite Loop in HAT INC Jboss-remoting

CWE-835 — Infinite Loop7 documents6 sources

Severity

7.5HIGHNVD

EPSS

14.1%

top 5.62%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

RED HAT INC Jboss-remoting Jboss Jboss-remoting Redhat Jboss Enterprise Application Platform

Timeline

PublishedFeb 15

Latest updateMay 13

Description

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDjboss/jboss-remoting3.3.10

▶CVEListV5red_hat_inc/jboss-remotingsince 3.3.10

▶NVDredhat/jboss_enterprise_application_platform6.0.0, 6.4.0+1

🔴Vulnerability Details

GHSA

GHSA-r69p-rc7c-rr2m: A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3↗2022-05-13

▶

CVEList

CVE-2018-1041: A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3↗2018-02-15

▶

💥Exploits & PoCs

Exploit-DB

Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation↗2019-01-14

▶

Exploit-DB

JBoss Remoting 6.14.18 - Denial of Service↗2018-02-16

▶

📋Vendor Advisories

Red Hat

jboss-remoting: High CPU Denial of Service↗2018-02-05

▶

💬Community

Bugzilla

CVE-2018-1041 jboss-remoting: High CPU Denial of Service↗2018-01-03

▶