CVE-2022-0084 — Allocation of Resources Without Limits or Throttling in Redhat Xnio

CWE-770 — Allocation of Resources Without Limits or Throttling8 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Xnio Redhat Single Sign-on

Timeline

PublishedAug 26

Latest updateJan 15

Description

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDredhat/xnio< 3.8.7

▶CVEListV5redhat/xnioFixed in v3.x

▶NVDredhat/single_sign-on7.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

XNIO `notifyReadClosed` method logging message to unexpected end↗2022-08-27

▶

GHSA

XNIO `notifyReadClosed` method logging message to unexpected end↗2022-08-27

▶

OSV

CVE-2022-0084: A flaw was found in XNIO, specifically in the notifyReadClosed method↗2022-08-26

▶

CVEList

CVE-2022-0084: A flaw was found in XNIO, specifically in the notifyReadClosed method↗2022-08-26

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Configuration (xnio-api) — CVE-2022-0084↗2023-01-15

▶

Red Hat

xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr↗2022-03-15

▶

Debian

CVE-2022-0084: jboss-xnio - A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue...↗2022

▶