CVE-2023-3171

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 27, 2023
Updated: Jan 4, 2024
CWE ID 789
CWE ID 770

Summary

CVE-2023-3171 is a vulnerability affecting EAP-7, a protocol used for secure communication between devices. The issue lies in the deserialization process of certain classes in EAP-7, which fails to check resource consumption during instantiation of HashMap and HashTable. An attacker can exploit this flaw by submitting malicious requests using these classes, resulting in unchecked resource consumption and potential Denial of Service (DoS) attacks due to heap exhaustion. This vulnerability poses a serious risk and requires immediate attention from organizations using EAP-7.

Affected Products

  • Red Hat JBoss Enterprise Application Platform

Affected Vendors

  • Red Hat