PT-2023-9216 · Xnio+1 · Xnio+1
Patrick Del Bello · Published 2023-04-12 · Updated 2024-11-26 · CVE-2023-5685
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
XNIO versions prior to 3.8.14.Final
Description
A flaw was found in XNIO, specifically in the NotifierState: when the chain of notifier states becomes large, it can cause a Stack Overflow Exception. This uncontrolled resource consumption in the NotifierState can lead to uncontrolled resource management and allows a remote attacker to cause a denial of service (DoS).
Recommendations
For versions prior to 3.8.14.Final, update to version 3.8.14.Final to resolve the issue. As a temporary workaround, consider restricting the size of the notifier state chain to prevent the Stack Overflow Exception.
Fix
DoS
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Xnio