CVE-2023-3171

high

Description

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

References

Advisories
More

https://access.redhat.com/errata/RHSA-2023:5488

https://access.redhat.com/errata/RHSA-2023:5486

https://access.redhat.com/errata/RHSA-2023:5485

https://access.redhat.com/errata/RHSA-2023:5484

https://bugzilla.redhat.com/show_bug.cgi?id=2213639

https://access.redhat.com/security/cve/CVE-2023-3171

Details

Source: Mitre, NVD

Published: 2023-12-27

Updated: 2024-01-04

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.0108