vulnerability
Red Hat JBoss EAP: CVE-2023-3171: Memory Allocation with Excessive Size Value
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Oct 5, 2023 | Sep 19, 2024 | Mar 25, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Oct 5, 2023
Added
Sep 19, 2024
Modified
Mar 25, 2026
Description
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.. A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-789
- CWE-770
- CVE-2023-3171
- https://attackerkb.com/topics/CVE-2023-3171
- https://access.redhat.com/security/cve/CVE-2023-3171
- https://bugzilla.redhat.com/show_bug.cgi?id=2213639
- https://access.redhat.com/errata/RHSA-2023:5484
- https://access.redhat.com/errata/RHSA-2023:5485
- https://access.redhat.com/errata/RHSA-2023:5486
- https://access.redhat.com/errata/RHSA-2023:5488
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-43854
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.