CVE-2023-5685 – org.jboss.xnio:xnio-api
Package
Manager: maven
Name: org.jboss.xnio:xnio-api
Vulnerable Version: >=0 <3.8.14.final
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00383 (percentile 0.58842)
Details
XNIO denial of service vulnerability
A flaw was found in XNIO. The XNIO NotifierState can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, which can lead to uncontrolled resource management and a possible denial of service (DoS). Version 3.8.14.Final is expected to contain a fix.
Metadata
Created: 2024-03-22T21:30:56Z
Modified: 2024-11-26T03:36:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-7f88-5hhx-67m2/GHSA-7f88-5hhx-67m2.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-7f88-5hhx-67m2
Finding: F002
Auto approve: 1