PT-2020-5612 · Red Hat · Keycloak
Matt Hamilton +1
Published 2020-09-03 · Updated 2022-02-09
CVE-2020-10758
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Keycloak versions prior to 11.0.1
Description
Keycloak versions prior to 11.0.1 are vulnerable to a remotely triggerable denial of service (DoS). An unauthenticated attacker sends an HTTP request whose Content-Length header declares far more bytes than the request body actually carries. Because the server's allocation is driven by the declared size rather than by the bytes it has received, such requests can lead to unbounded memory allocation and disrupt the service. No estimate of the number of affected deployments is given.
Recommendations
For versions prior to 11.0.1, update to Keycloak 11.0.1 or later, which resolves the issue. Until the update is applied, reduce exposure by restricting network access to the Keycloak server to trusted clients. Because the attack depends on the server trusting an oversized Content-Length value, terminating requests at a reverse proxy that enforces a maximum request body size and a read timeout also limits the damage a single malformed request can do.
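The allocation hazard described above, as an added illustration that is not Keycloak's code and does not reproduce its request handling: a reader that pre-sizes a buffer from the Content-Length header, beside a bounded reader that enforces the kind of request-size limit the recommendation relies on and fails on a body that stops short of its declared length. The cap `MAX_BODY_BYTES`, the host name, the request path and the sample requests are assumptions constructed for this example, not captured traffic.

```python
import io

# Assumed cap for this example; a real deployment tunes it to the largest
# legitimate request body the endpoint must accept.
MAX_BODY_BYTES = 1024 * 1024


def parse_request(raw: bytes):
    """Split a minimal HTTP/1.1 request into a lower-cased header dict and a body stream."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, io.BytesIO(body)


def read_body_naive(headers, stream) -> bytearray:
    """Vulnerable pattern: allocate a buffer of the declared Content-Length before
    a single body byte has arrived. The header is attacker-controlled, so the
    allocation size is too; a short or never-completed body leaves it in memory."""
    declared = int(headers.get(b"content-length", b"0"))
    buf = bytearray(declared)   # sized by the header, not by what the client sent
    stream.readinto(buf)        # short read; the buffer stays at its full size
    return buf


def read_body_bounded(headers, stream, max_bytes=MAX_BODY_BYTES) -> bytes:
    """Hardened reader: reject a declared length above the cap, then grow the
    buffer only as bytes actually arrive, and fail on a truncated body."""
    declared = int(headers.get(b"content-length", b"0"))
    if declared < 0 or declared > max_bytes:
        raise ValueError(f"Content-Length {declared} exceeds limit {max_bytes}")
    chunks, remaining = [], declared
    while remaining:
        chunk = stream.read(min(remaining, 64 * 1024))
        if not chunk:
            raise ValueError(f"body truncated: declared {declared}, received {declared - remaining}")
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def classify(raw: bytes, max_bytes=MAX_BODY_BYTES) -> str:
    """Run the bounded reader over a raw request and summarise the outcome."""
    headers, stream = parse_request(raw)
    try:
        body = read_body_bounded(headers, stream, max_bytes)
    except ValueError as exc:
        return "rejected: " + str(exc)
    return f"ok: {len(body)} bytes"


# Constructed sample requests for this example (not captured traffic).
OVERSIZED = (b"POST / HTTP/1.1\r\nHost: keycloak.example\r\n"
             b"Content-Length: 8388608\r\n\r\na=b&c")     # claims 8 MiB, sends 5 bytes
TRUNCATED = (b"POST / HTTP/1.1\r\nHost: keycloak.example\r\n"
             b"Content-Length: 100\r\n\r\na=b&c")         # under the cap, body stops early
WELL_FORMED = (b"POST / HTTP/1.1\r\nHost: keycloak.example\r\n"
               b"Content-Length: 5\r\n\r\na=b&c")

if __name__ == "__main__":
    hdrs, body = parse_request(OVERSIZED)
    print("naive reader allocated", len(read_body_naive(hdrs, body)), "bytes for a 5-byte body")
    for req in (OVERSIZED, TRUNCATED, WELL_FORMED):
        print(classify(req))
```

With an in-memory stream a short body shows up as end-of-file, so the bounded reader fails fast. On a real socket a client that simply stops sending would block the read instead, which is why the size cap needs a read timeout beside it.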
Tags
Fix, DoS
Weakness Enumeration
Allocation of Resources Without Limits (CWE-770)
Related Identifiers
CVE-2020-10758
Affected Products
Keycloak (versions prior to 11.0.1)