PT-2021-21255 · Red Hat · Keycloak

Paramvir Jindal · Published 2021-07-09 · Updated 2021-07-13 · CVE-2021-3637

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 14.0.0

Description: A flaw was found in keycloak-model-infinispan: the authenticationSessions map held by RootAuthenticationSessionEntity grows without bound. A remote client, with no authentication or user interaction required, can keep adding entries and consume server memory without limit, which could lead to a Denial of Service (DoS). The CVSS vector reflects this: no confidentiality or integrity impact, high availability impact.

Recommendations: For versions prior to 14.0.0, update to 14.0.0 or later, which resolves the issue. Red Hat product builds are covered by the RHSA advisories listed under Related Identifiers.
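To make the flaw class concrete, the following is an added example; it is not Keycloak's code and not part of this advisory. It models a root-session object whose per-request map of authentication sessions grows without bound, beside a capped version that evicts the oldest entry once the cap is reached. The class names, the tab-id key, the sample client id and the cap of 300 are assumptions made for the demonstration; the actual change shipped in Keycloak 14.0.0 is not reproduced here.

```java
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;

/**
 * Illustrative model of the flaw class behind CVE-2021-3637: a per-root-session
 * map of authentication sessions that gains one entry per request and is never
 * trimmed. This is NOT Keycloak's code; the class names, the "tab id" key, the
 * sample client id and the cap of 300 are assumptions for the demonstration.
 */
public class AuthSessionGrowthDemo {

    /** Vulnerable shape: every request adds a new entry and nothing is ever evicted. */
    static final class UnboundedRootSession {
        private final Map<String, String> authenticationSessions = new HashMap<>();

        String createAuthenticationSession(String clientId) {
            String tabId = UUID.randomUUID().toString(); // fresh key on every call
            authenticationSessions.put(tabId, clientId);
            return tabId;
        }

        int size() {
            return authenticationSessions.size();
        }
    }

    /**
     * Hardened shape: the map is capped. When the cap is reached, the oldest entry
     * (insertion order, as tracked by LinkedHashMap) is evicted before a new one is
     * added, so the per-root-session footprint stays bounded however many requests
     * arrive. The cap value is an assumption for this example.
     */
    static final class BoundedRootSession {
        private final int limit;
        private final LinkedHashMap<String, String> authenticationSessions = new LinkedHashMap<>();

        BoundedRootSession(int limit) {
            if (limit < 1) {
                throw new IllegalArgumentException("limit must be positive");
            }
            this.limit = limit;
        }

        String createAuthenticationSession(String clientId) {
            if (authenticationSessions.size() >= limit) {
                Iterator<String> oldest = authenticationSessions.keySet().iterator();
                oldest.next();
                oldest.remove(); // drop the least recently created authentication session
            }
            String tabId = UUID.randomUUID().toString();
            authenticationSessions.put(tabId, clientId);
            return tabId;
        }

        int size() {
            return authenticationSessions.size();
        }
    }

    public static void main(String[] args) {
        // Simulated attacker: one unauthenticated client repeatedly hitting the login
        // flow, each hit creating a new authentication session under the same root
        // session. "account-console" is only a sample client id.
        int requests = 100_000;
        UnboundedRootSession vulnerable = new UnboundedRootSession();
        BoundedRootSession fixed = new BoundedRootSession(300);

        for (int i = 0; i < requests; i++) {
            vulnerable.createAuthenticationSession("account-console");
            fixed.createAuthenticationSession("account-console");
        }

        System.out.println("unbounded map after " + requests + " requests: "
                + vulnerable.size() + " entries");
        System.out.println("bounded map after " + requests + " requests: "
                + fixed.size() + " entries (cap 300)");
    }
}
```

Compile and run with `javac AuthSessionGrowthDemo.java && java AuthSessionGrowthDemo`. The unbounded map ends up holding one entry per request, so its memory use is controlled entirely by the attacker; the capped map never exceeds the configured limit, which is the property the vector's A:H rating is about. When auditing similar code, look for any collection that is keyed by a value the client chooses or that is regenerated on every request, and ask what bounds its size.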

Fix

DoS

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

CVE-2021-3637
GHSA-2VP8-JV5V-6QH6
RHSA-2021:3527
RHSA-2021:3528
RHSA-2021:3529

Affected Products

Keycloak