VYPR
Unrated severity · NVD Advisory · Published Dec 27, 2023 · Updated Aug 2, 2024

EAP-7: heap exhaustion via deserialization

CVE-2023-3171

Description

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

Affected products

  • Red Hat / EAP 7.4.13 (v5)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4 (el7, el8, el9 builds)
    • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7, range: 0:1.15.20-1.Final_redhat_00001.1.el7eap
    • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8, range: 0:1.15.20-1.Final_redhat_00001.1.el8eap
    • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9, range: 0:1.15.20-1.Final_redhat_00001.1.el9eap
  • Red Hat / EAP 7 (llm-fuzzy match)
    Range: <=7.1.x (affected component, see advisories)
