Red Hat JBoss EAP: CVE-2020-7226: Allocation of Resources Without Limits or Throttling
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jan 24, 2020 | Sep 19, 2024 | Jul 2, 2025 |
Description
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
Solution
Upgrade Red Hat JBoss EAP to the latest version.
References
- CWE-770
- CVE-2020-7226
- https://attackerkb.com/topics/CVE-2020-7226
- https://access.redhat.com/security/cve/CVE-2020-7226
- https://bugzilla.redhat.com/show_bug.cgi?id=1801380
- https://access.redhat.com/errata/RHSA-2020:2058
- https://access.redhat.com/errata/RHSA-2020:2059
- https://access.redhat.com/errata/RHSA-2020:2060
- https://access.redhat.com/errata/RHSA-2020:2061
- https://access.redhat.com/errata/RHSA-2020:2511
- https://access.redhat.com/errata/RHSA-2020:2512
- https://access.redhat.com/errata/RHSA-2020:2513
- https://access.redhat.com/errata/RHSA-2020:2515