CVE-2023-3171
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-3171 is a vulnerability affecting EAP-7, the Red Hat JBoss Enterprise Application Platform listed under Affected Products. The issue lies in the deserialization of certain classes in EAP-7, which allows HashMap and HashTable to be instantiated with no check on the resources consumed. An attacker can exploit this flaw by submitting malicious requests that use these classes, causing unchecked resource consumption that can exhaust the heap and result in Denial of Service (DoS). This vulnerability poses a serious risk and requires immediate attention from organizations using EAP-7.
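The resource check that the summary says is missing can be illustrated with the JDK's standard serialization filter (JEP 290, Java 9 or later). This is an added example, not Red Hat's fix or code from EAP-7; the class name `BoundedDeserialization` and the limit values are assumptions chosen for the demonstration.

```java
import java.io.*;
import java.util.HashMap;

public class BoundedDeserialization {
    // Constructed limits (assumption): size them to the largest legitimate payload.
    // maxarray bounds the bucket array a deserialized HashMap may allocate.
    static final ObjectInputFilter LIMITS = ObjectInputFilter.Config.createFilter(
            "maxarray=1024;maxdepth=8;maxrefs=5000;maxbytes=65536");

    // Deserialize untrusted bytes with the resource limits applied to the stream.
    static Object readBounded(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(LIMITS);
            return in.readObject();
        }
    }

    // Helper used only to build the constructed sample inputs below.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a small map that stays inside every limit.
        HashMap<Integer, Integer> small = new HashMap<>();
        for (int i = 0; i < 100; i++) small.put(i, i);
        HashMap<?, ?> restored = (HashMap<?, ?>) readBounded(serialize(small));
        System.out.println("small map accepted, entries: " + restored.size());

        // Constructed sample: a map whose bucket array would exceed maxarray.
        HashMap<Integer, Integer> large = new HashMap<>();
        for (int i = 0; i < 10_000; i++) large.put(i, i);
        try {
            readBounded(serialize(large));
            System.out.println("large map accepted (limits too loose)");
        } catch (InvalidClassException e) {
            // The filter rejects the stream before the table is allocated.
            System.out.println("large map rejected: " + e.getMessage());
        }
    }
}
```

The same limit string can be applied process-wide through the `jdk.serialFilter` system property instead of per stream.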
Affected Products
- Red Hat JBoss Enterprise Application Platform
Affected Vendors
- Red Hat