vulnerability
Red Hat JBoss EAP: CVE-2023-3171: Memory Allocation with Excessive Size Value
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Oct 5, 2023 | Sep 19, 2024 | Jul 2, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Oct 5, 2023
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.. A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-789
- CWE-770
- CVE-2023-3171
- https://attackerkb.com/topics/CVE-2023-3171
- URL-https://access.redhat.com/security/cve/CVE-2023-3171
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2213639
- URL-https://access.redhat.com/errata/RHSA-2023:5484
- URL-https://access.redhat.com/errata/RHSA-2023:5485
- URL-https://access.redhat.com/errata/RHSA-2023:5486
- URL-https://access.redhat.com/errata/RHSA-2023:5488
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.