PT-2023-5739 · Eap-7 · Eap 7

Chess Hazlett · Published 2023-06-08 · Updated 2024-01-04 · CVE-2023-3171

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: EAP-7 (affected versions not specified)
Description: A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and Hashtable with no checks on the resources consumed. An attacker could submit malicious requests using these classes, which could eventually exhaust the heap and result in a denial of service. The vulnerability stems from deserialization of untrusted data and can be exploited by a remote attacker who sends specially crafted requests.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

DoS

Deserialization of Untrusted Data

Allocation of Resources Without Limits

Related Identifiers

BDU:2023-06409
CVE-2023-3171
RHSA-2023:5484
RHSA-2023:5485
RHSA-2023:5486
RHSA-2024:10207
RHSA-2024:10208

Affected Products

Eap 7