Unrated severity · NVD Advisory · Published Dec 27, 2023 · Updated Aug 2, 2024
EAP-7: heap exhaustion via deserialization
CVE-2023-3171
Description
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
Affected products
- Red Hat/EAP 7.4.13 v5: cpe:/a:redhat:jboss_enterprise_application_platform:7.4
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7, range: 0:1.15.20-1.Final_redhat_00001.1.el7eap
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8, range: 0:1.15.20-1.Final_redhat_00001.1.el8eap
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9, range: 0:1.15.20-1.Final_redhat_00001.1.el9eap
References
- access.redhat.com/errata/RHSA-2023:5484 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:5485 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:5486 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:5488 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2023-3171 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)