CVE-2018-10912 in Keycloak and Red Hat Products
Published on July 23, 2018
keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.
Weakness Type
What is an Infinite Loop Vulnerability?
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.
CVE-2018-10912 has been classified to as an Infinite Loop vulnerability or weakness.
Products Associated with CVE-2018-10912
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10912 are published in these products:
Affected Versions
[UNKNOWN] keycloak Version Keycloak 4.0.0.Final is affected by CVE-2018-10912Exploit Probability
EPSS
0.47%
Percentile
64.45%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.