Description
A flaw was found in XNIO. The XNIO NotifierState can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, which can lead to uncontrolled resource management and a possible denial of service (DoS).
Reserved 2023-10-20 | Published 2024-03-22 | Updated 2025-04-16 | Assigner: redhat
HIGH: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Problem types
Uncontrolled Resource Consumption
Product status
Default status: unaffected
Default status: unaffected
Default status: affected | 0:3.1.16-3.SP1_redhat_00001.1.ep7.el7 before *: unaffected
Default status: affected | 0:1.7.6-2.redhat_00003.1.ep7.el7 before *: unaffected
Default status: affected | 0:1.68.0-1.redhat_00005.1.ep7.el7 before *: unaffected
Default status: affected | 0:1.4.197-2.redhat_00005.1.ep7.el7 before *: unaffected
Default status: affected | 0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7 before *: unaffected
Default status: affected | 0:2.0.15-1.Final_redhat_00001.1.ep7.el7 before *: unaffected
Default status: affected | 0:3.5.10-1.Final_redhat_00001.1.ep7.el7 before *: unaffected
Default status: affected | 0:7.1.8-2.GA_redhat_00002.1.ep7.el7 before *: unaffected
Default status: affected | 0:2.7.1-26.redhat_00015.1.ep7.el7 before *: unaffected
Default status: affected | 0:3.4.10-1.SP1_redhat_00001.1.el7eap before *: unaffected
Default status: affected | 0:1.7.6-8.redhat_00003.1.el7eap before *: unaffected
Default status: affected | 0:1.4.197-3.redhat_00004.1.el7eap before *: unaffected
Default status: affected | 0:2.0.1-4.Final_redhat_00001.1.el7eap before *: unaffected
Default status: affected | 0:2.0.15-1.Final_redhat_00001.1.el7eap before *: unaffected
Default status: affected | 0:1.7.2-12.Final_redhat_00013.1.el7eap before *: unaffected
Default status: affected | 0:3.7.13-1.Final_redhat_00001.1.el7eap before *: unaffected
Default status: affected | 0:1.2.2-2.Final_redhat_00002.1.el7eap before *: unaffected
Default status: affected | 0:7.3.11-4.GA_redhat_00002.1.el7eap before *: unaffected
Default status: affected | 0:2.3.3-2.redhat_00001.1.el7eap before *: unaffected
Default status: affected | 0:2.7.1-38.redhat_00015.1.el7eap before *: unaffected
Default status: affected | 0:2.2.3-2.redhat_00001.1.el7eap before *: unaffected
Default status: affected | 0:3.8.11-1.SP1_redhat_00001.1.el8eap before *: unaffected
Default status: affected | 0:3.8.11-1.SP1_redhat_00001.1.el9eap before *: unaffected
Default status: affected | 0:3.8.11-1.SP1_redhat_00001.1.el7eap before *: unaffected
Default status: unaffected
Default status: affected
Default status: unaffected
Default status: unaffected
Default status: affected
Default status: unknown
Default status: unaffected
Default status: unaffected
Default status: unknown
Default status: affected
Default status: unaffected
Timeline
2023-10-02: Reported to Red Hat.
2024-03-05: Made public.
References
access.redhat.com/errata/RHSA-2023:7637 (RHSA-2023:7637) vendor-advisory
access.redhat.com/errata/RHSA-2023:7638 (RHSA-2023:7638) vendor-advisory
access.redhat.com/errata/RHSA-2023:7639 (RHSA-2023:7639) vendor-advisory
access.redhat.com/errata/RHSA-2023:7641 (RHSA-2023:7641) vendor-advisory
access.redhat.com/errata/RHSA-2024:10207 (RHSA-2024:10207) vendor-advisory
access.redhat.com/errata/RHSA-2024:10208 (RHSA-2024:10208) vendor-advisory
access.redhat.com/errata/RHSA-2024:2707 (RHSA-2024:2707) vendor-advisory
access.redhat.com/security/cve/CVE-2023-5685 vdb-entry
bugzilla.redhat.com/show_bug.cgi?id=2241822 (RHBZ#2241822) issue-tracking
cve.org (CVE-2023-5685)
nvd.nist.gov (CVE-2023-5685)