Xnio NotifierState Chain Overflow Uncontrolled Resource DoS
CVE-2023-5685 Published on March 22, 2024
Xnio: StackOverflowException when the chain of notifier states becomes problematically big
A flaw was found in XNIO's NotifierState handling. When the chain of notifier states attached to a future becomes problematically large, processing that chain can trigger a stack overflow. This is uncontrolled resource consumption and can lead to a denial of service (DoS).
Vulnerability Analysis
CVE-2023-5685 can be exploited with network access and requires neither privileges nor user interaction. Its attack complexity is rated low. A successful exploit is assessed as having no impact on confidentiality or integrity and a high impact on availability.
Timeline
Reported to Red Hat.
Made public 155 days later.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2023-5685 has been classified as a Resource Exhaustion vulnerability (CWE-400, Uncontrolled Resource Consumption).
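To make the failure mode behind the flaw description and the resource-exhaustion definition concrete, the following is an added illustration; it is not XNIO's code and not part of the advisory. It models notifiers kept as a singly linked chain of NotifierState objects. A dispatch that recurses down the chain needs one stack frame per registered notifier, so whoever can grow the chain far enough crashes the completing thread with a StackOverflowError; an iterative walk dispatches the same chain in constant stack space. The class and method names (NotifierState, runRecursively, runIteratively, buildChain), the chain length, and the use of Consumer<String> in place of XNIO's IoFuture.Notifier are assumptions of this example.

```java
import java.util.function.Consumer;

public final class NotifierChainDemo {

    // Hypothetical model (not XNIO's code): each registered notifier is wrapped in a
    // NotifierState that points at the previously registered one, newest first.
    static final class NotifierState {
        final Consumer<String> notifier;
        final NotifierState next;

        NotifierState(Consumer<String> notifier, NotifierState next) {
            this.notifier = notifier;
            this.next = next;
        }
    }

    // Vulnerable shape: fire this state's notifier, then recurse into the rest of the
    // chain. Stack depth grows linearly with the number of registered notifiers, and
    // the JVM does not eliminate tail calls, so a long chain ends in StackOverflowError.
    static void runRecursively(NotifierState state, String result) {
        if (state == null) {
            return;
        }
        state.notifier.accept(result);
        runRecursively(state.next, result);
    }

    // Hardened shape: walk the chain with a loop. Stack usage is constant however many
    // notifiers were registered; cost is bounded by time and heap, not by stack size.
    static void runIteratively(NotifierState state, String result) {
        for (NotifierState s = state; s != null; s = s.next) {
            s.notifier.accept(result);
        }
    }

    // Constructed input: a chain of n notifiers that each bump a shared counter.
    static NotifierState buildChain(int n, int[] fired) {
        NotifierState head = null;
        for (int i = 0; i < n; i++) {
            head = new NotifierState(r -> fired[0]++, head);
        }
        return head;
    }

    public static void main(String[] args) {
        int n = 1_000_000; // assumed chain length; large enough for a default thread stack
        int[] fired = {0};
        NotifierState chain = buildChain(n, fired);

        try {
            runRecursively(chain, "completed");
            System.out.println("recursive: all " + fired[0] + " notifiers fired");
        } catch (StackOverflowError e) {
            System.out.println("recursive: StackOverflowError after " + fired[0] + " of " + n);
        }

        fired[0] = 0;
        runIteratively(chain, "completed");
        System.out.println("iterative: all " + fired[0] + " notifiers fired");
    }
}
```

Run it with `java NotifierChainDemo.java` (single-file launch, Java 11 or later); pass `-Xss256k` to make the recursive variant overflow after fewer notifiers. The point for a defender is that the recursive dispatch ties a fixed resource (the thread stack) to a quantity the caller controls (chain length), which is exactly what CWE-400 describes; the iterative dispatch removes that coupling, and if the chain length is externally influenced an upper bound on registrations is the complementary control.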
Products Associated with CVE-2023-5685
Affected Versions
Red Hat build of Apache Camel 4.4.0 for Spring Boot
Red Hat JBoss Enterprise Application Platform 7
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
- Version 0:3.1.16-3.SP1_redhat_00001.1.ep7.el7 and below * is unaffected.
- Version 0:1.7.6-2.redhat_00003.1.ep7.el7 and below * is unaffected.
- Version 0:1.68.0-1.redhat_00005.1.ep7.el7 and below * is unaffected.
- Version 0:1.4.197-2.redhat_00005.1.ep7.el7 and below * is unaffected.
- Version 0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7 and below * is unaffected.
- Version 0:2.0.15-1.Final_redhat_00001.1.ep7.el7 and below * is unaffected.
- Version 0:3.5.10-1.Final_redhat_00001.1.ep7.el7 and below * is unaffected.
- Version 0:7.1.8-2.GA_redhat_00002.1.ep7.el7 and below * is unaffected.
- Version 0:2.7.1-26.redhat_00015.1.ep7.el7 and below * is unaffected.
- Version 0:3.4.10-1.SP1_redhat_00001.1.el7eap and below * is unaffected.
- Version 0:1.7.6-8.redhat_00003.1.el7eap and below * is unaffected.
- Version 0:1.4.197-3.redhat_00004.1.el7eap and below * is unaffected.
- Version 0:2.0.1-4.Final_redhat_00001.1.el7eap and below * is unaffected.
- Version 0:2.0.15-1.Final_redhat_00001.1.el7eap and below * is unaffected.
- Version 0:1.7.2-12.Final_redhat_00013.1.el7eap and below * is unaffected.
- Version 0:3.7.13-1.Final_redhat_00001.1.el7eap and below * is unaffected.
- Version 0:1.2.2-2.Final_redhat_00002.1.el7eap and below * is unaffected.
- Version 0:7.3.11-4.GA_redhat_00002.1.el7eap and below * is unaffected.
- Version 0:2.3.3-2.redhat_00001.1.el7eap and below * is unaffected.
- Version 0:2.7.1-38.redhat_00015.1.el7eap and below * is unaffected.
- Version 0:2.2.3-2.redhat_00001.1.el7eap and below * is unaffected.
- Version 0:3.8.11-1.SP1_redhat_00001.1.el8eap and below * is unaffected.
- Version 0:3.8.11-1.SP1_redhat_00001.1.el9eap and below * is unaffected.
- Version 0:3.8.11-1.SP1_redhat_00001.1.el7eap and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.