vulnerability
Red Hat JBoss EAP: CVE-2023-39410: Deserialization of Untrusted Data
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 29, 2023 | Sep 19, 2024 | Mar 25, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Sep 29, 2023
Added
Sep 19, 2024
Modified
Mar 25, 2026
Description
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.. A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.. A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-502
- CVE-2023-39410
- https://attackerkb.com/topics/CVE-2023-39410
- https://access.redhat.com/security/cve/CVE-2023-39410
- https://bugzilla.redhat.com/show_bug.cgi?id=2242521
- https://issues.apache.org/jira/browse/AVRO-3819
- https://access.redhat.com/errata/RHSA-2023:7637
- https://access.redhat.com/errata/RHSA-2023:7638
- https://access.redhat.com/errata/RHSA-2023:7639
- https://access.redhat.com/errata/RHSA-2023:7641
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-0049
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.