Red Hat JBoss EAP: CVE-2023-3223: Memory Allocation with Excessive Size Value
| Severity | CVSS v2 vector | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Aug 7, 2023 | Sep 19, 2024 | Jul 2, 2025 |
Description
A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it is possible to bypass the limit by setting the file name in the request to null.
Solution
Upgrade Red Hat JBoss EAP to the latest version (see the RHSA advisories listed under References).
References
- CWE-789
- CVE-2023-3223
- https://attackerkb.com/topics/CVE-2023-3223
- https://access.redhat.com/security/cve/CVE-2023-3223
- https://bugzilla.redhat.com/show_bug.cgi?id=2209689
- https://access.redhat.com/errata/RHSA-2023:4505
- https://access.redhat.com/errata/RHSA-2023:4506
- https://access.redhat.com/errata/RHSA-2023:4507
- https://access.redhat.com/errata/RHSA-2023:4509