github - ghsa-r69p-rc7c-rr2m

ghsa-r69p-rc7c-rr2m

Vulnerability from github

Published

2022-05-13 01:33

Modified

2022-05-13 01:33

Severity

7.5 (High) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1041"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-15T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.",
  "id": "GHSA-r69p-rc7c-rr2m",
  "modified": "2022-05-13T01:33:35Z",
  "published": "2022-05-13T01:33:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1041"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0268"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0269"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0270"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0271"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0275"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44099"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040323"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2018-1041

Vulnerability from cvelistv5

Published

2018-02-15 17:00

Modified

2024-08-05 03:44

Severity

Summary

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

References

URL	Tags
https://www.exploit-db.com/exploits/44099/	exploit, x_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2018:0269	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0270	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0271	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0268	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0275	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1040323	vdb-entry, x_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=1530457	x_refsource_CONFIRM

Impacted products

Vendor	Product
Red Hat, Inc.	jboss-remoting

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:11.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44099",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44099/"
          },
          {
            "name": "RHSA-2018:0269",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0269"
          },
          {
            "name": "RHSA-2018:0270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0270"
          },
          {
            "name": "RHSA-2018:0271",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0271"
          },
          {
            "name": "RHSA-2018:0268",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0268"
          },
          {
            "name": "RHSA-2018:0275",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0275"
          },
          {
            "name": "1040323",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040323"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jboss-remoting",
          "vendor": "Red Hat, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "since 3.3.10"
            }
          ]
        }
      ],
      "datePublic": "2018-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-18T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "44099",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44099/"
        },
        {
          "name": "RHSA-2018:0269",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0269"
        },
        {
          "name": "RHSA-2018:0270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0270"
        },
        {
          "name": "RHSA-2018:0271",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0271"
        },
        {
          "name": "RHSA-2018:0268",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0268"
        },
        {
          "name": "RHSA-2018:0275",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0275"
        },
        {
          "name": "1040323",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040323"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1041",
    "datePublished": "2018-02-15T17:00:00Z",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T03:44:11.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.