CVE-2023-3171Memory Allocation with Excessive Size Value in Redhat Jboss Enterprise Application Platform

CWE-789Memory Allocation with Excessive Size ValueCWE-770Allocation of Resources Without Limits or Throttling9 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 60.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Jboss Enterprise Application Platform
Timeline
PublishedDec 27
Latest updateFeb 20

Description

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Eap-7: heap exhaustion via deserialization2023-12-27
GHSA
GHSA-gpgq-5q34-mh72: A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources2023-12-27

📋Vendor Advisories

6
Chrome
Stable Channel Update for Desktop: CVE-2024-31712024-02-20
Oracle
Oracle Oracle GoldenGate Risk Matrix: Veridata (Google Protobuf-Java) — CVE-2022-31712023-10-15
Red Hat
eap-7: heap exhaustion via deserialization2023-10-05
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: Accessibility (Google Protobuf-Java) — CVE-2022-31712023-07-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (Google Protobuf-Java) — CVE-2022-31712023-04-15