vulnerability
Red Hat JBossEAP: Deserialization of Untrusted Data (CVE-2023-39410)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 2023-09-29 | 2024-09-19 | 2024-12-20 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2023-09-29
Added
2024-09-19
Modified
2024-12-20
Description
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.. A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.. A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CVE-2023-39410
- https://attackerkb.com/topics/CVE-2023-39410
- URL-https://access.redhat.com/security/cve/CVE-2023-39410
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2242521
- URL-https://issues.apache.org/jira/browse/AVRO-3819
- URL-https://access.redhat.com/errata/RHSA-2023:7637
- URL-https://access.redhat.com/errata/RHSA-2023:7638
- URL-https://access.redhat.com/errata/RHSA-2023:7639
- URL-https://access.redhat.com/errata/RHSA-2023:7641
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.