CVE-2023-5685 | THREATINT

Description

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

PUBLISHED Reserved 2023-10-20 | Published 2024-03-22 | Updated 2025-10-23 | Assigner redhat

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Uncontrolled Resource Consumption

Product status

Default status

unaffected

Default status

unaffected

Default status

affected

0:3.1.16-3.SP1_redhat_00001.1.ep7.el7 (rpm) before *

unaffected

Default status

affected

0:1.7.6-2.redhat_00003.1.ep7.el7 (rpm) before *

unaffected

Default status

affected

0:1.68.0-1.redhat_00005.1.ep7.el7 (rpm) before *

unaffected

Default status

affected

0:1.4.197-2.redhat_00005.1.ep7.el7 (rpm) before *

unaffected

Default status

affected

0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7 (rpm) before *

unaffected

Default status

affected

0:2.0.15-1.Final_redhat_00001.1.ep7.el7 (rpm) before *

unaffected

Default status

affected

0:3.5.10-1.Final_redhat_00001.1.ep7.el7 (rpm) before *

unaffected

Default status

affected

0:7.1.8-2.GA_redhat_00002.1.ep7.el7 (rpm) before *

unaffected

Default status

affected

0:2.7.1-26.redhat_00015.1.ep7.el7 (rpm) before *

unaffected

Default status

affected

0:3.4.10-1.SP1_redhat_00001.1.el7eap (rpm) before *

unaffected

Default status

affected

0:1.7.6-8.redhat_00003.1.el7eap (rpm) before *

unaffected

Default status

affected

0:1.4.197-3.redhat_00004.1.el7eap (rpm) before *

unaffected

Default status

affected

0:2.0.1-4.Final_redhat_00001.1.el7eap (rpm) before *

unaffected

Default status

affected

0:2.0.15-1.Final_redhat_00001.1.el7eap (rpm) before *

unaffected

Default status

affected

0:1.7.2-12.Final_redhat_00013.1.el7eap (rpm) before *

unaffected

Default status

affected

0:3.7.13-1.Final_redhat_00001.1.el7eap (rpm) before *

unaffected

Default status

affected

0:1.2.2-2.Final_redhat_00002.1.el7eap (rpm) before *

unaffected

Default status

affected

0:7.3.11-4.GA_redhat_00002.1.el7eap (rpm) before *

unaffected

Default status

affected

0:2.3.3-2.redhat_00001.1.el7eap (rpm) before *

unaffected

Default status

affected

0:2.7.1-38.redhat_00015.1.el7eap (rpm) before *

unaffected

Default status

affected

0:2.2.3-2.redhat_00001.1.el7eap (rpm) before *

unaffected

Default status

affected

0:3.8.11-1.SP1_redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:3.8.11-1.SP1_redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:3.8.11-1.SP1_redhat_00001.1.el7eap (rpm) before *

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unknown

Default status

unaffected

Default status

unaffected

Default status

unknown

Default status

affected

Default status

unaffected

Timeline

2023-10-02:	Reported to Red Hat.
2024-03-05:	Made public.

References

access.redhat.com/errata/RHSA-2023:7637 (RHSA-2023:7637) vendor-advisory

access.redhat.com/errata/RHSA-2023:7638 (RHSA-2023:7638) vendor-advisory

access.redhat.com/errata/RHSA-2023:7639 (RHSA-2023:7639) vendor-advisory

access.redhat.com/errata/RHSA-2023:7641 (RHSA-2023:7641) vendor-advisory

access.redhat.com/errata/RHSA-2024:2707 (RHSA-2024:2707) vendor-advisory

access.redhat.com/security/cve/CVE-2023-5685 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2241822 (RHBZ#2241822) issue-tracking

access.redhat.com/errata/RHSA-2023:7637 (RHSA-2023:7637) vendor-advisory

access.redhat.com/errata/RHSA-2023:7638 (RHSA-2023:7638) vendor-advisory

access.redhat.com/errata/RHSA-2023:7639 (RHSA-2023:7639) vendor-advisory

access.redhat.com/errata/RHSA-2023:7641 (RHSA-2023:7641) vendor-advisory

access.redhat.com/errata/RHSA-2024:10207 (RHSA-2024:10207) vendor-advisory

access.redhat.com/errata/RHSA-2024:10208 (RHSA-2024:10208) vendor-advisory

access.redhat.com/errata/RHSA-2024:2707 (RHSA-2024:2707) vendor-advisory

access.redhat.com/security/cve/CVE-2023-5685 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2241822 (RHBZ#2241822) issue-tracking

cve.org (CVE-2023-5685)

nvd.nist.gov (CVE-2023-5685)

Download JSON