PT-2024-16150 · Red Hat+1 · Keycloak-Services+2

Published: 2024-10-29 · Updated: 2026-05-06 · CVE-2024-10270

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Keycloak-services (affected versions not specified)
Red Hat products (affected versions not specified)

Description

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) by exhausting system resources due to regular expression complexity.

Recommendations

As a temporary workaround, consider disabling the SearchQueryUtils method until a patch is available. Ensure your systems are updated to the latest versions to mitigate risks. For detailed remediation steps, check the official advisory or Bugzilla report. Apply the latest patches and updates as detailed in RHSA-2024:10177 to mitigate risks.

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2025-13422
ALT-PU-2025-2871
BDU:2025-02196
CVE-2024-10270
GHSA-J3X3-R585-4QHG
GHSA-WQ8X-CG39-8MRR

Affected Products

Alt Linux
Keycloak
Keycloak-Services