CVE-2023-5685

State: PUBLISHED · Published: 2024-03-22 · Updated: 2025-11-07 · Assigner: redhat

Description

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

CWE

CWE-400 — Uncontrolled Resource Consumption

Affected

Red Hat / Red Hat build of Apache Camel 4.4.0 for Spring Boot —
Red Hat / Red Hat JBoss Enterprise Application Platform 7 —
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:3.1.16-3.SP1_redhat_00001.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:1.7.6-2.redhat_00003.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:1.68.0-1.redhat_00005.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:1.4.197-2.redhat_00005.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:2.0.15-1.Final_redhat_00001.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:3.5.10-1.Final_redhat_00001.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:7.1.8-2.GA_redhat_00002.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:2.7.1-26.redhat_00015.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:3.4.10-1.SP1_redhat_00001.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:1.7.6-8.redhat_00003.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:1.4.197-3.redhat_00004.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:2.0.1-4.Final_redhat_00001.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:2.0.15-1.Final_redhat_00001.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:1.7.2-12.Final_redhat_00013.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:3.7.13-1.Final_redhat_00001.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:1.2.2-2.Final_redhat_00002.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:7.3.11-4.GA_redhat_00002.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:2.3.3-2.redhat_00001.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:2.7.1-38.redhat_00015.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:2.2.3-2.redhat_00001.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 — v=0:3.8.11-1.SP1_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 — v=0:3.8.11-1.SP1_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 — v=0:3.8.11-1.SP1_redhat_00001.1.el7eap <* [unaffected]
Red Hat / Red Hat build of Apache Camel for Spring Boot 3 —
Red Hat / Red Hat build of Apache Camel - HawtIO 4 —
Red Hat / Red Hat Build of Keycloak —
Red Hat / Red Hat Data Grid 8 —
Red Hat / Red Hat Integration Camel K 1 —
Red Hat / Red Hat JBoss Data Grid 7 —
Red Hat / Red Hat JBoss Enterprise Application Platform 8 —
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack —
Red Hat / Red Hat JBoss Fuse Service Works 6 —
Red Hat / Red Hat Process Automation 7 —
Red Hat / Red Hat Single Sign-On 7 —

CVSS

3.1 score=7.5 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

https://access.redhat.com/errata/RHSA-2023:7637 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7638 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7639 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7641 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10207 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10208 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2707 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5685 vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2241822 issue-tracking, x_refsource_REDHAT

Source

cvelistV5-main/cves/2023/5xxx/CVE-2023-5685.json