Description
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | cryptacular | Not affected | ||
| Red Hat JBoss Fuse 6 | cryptacular | Out of support scope | ||
| Red Hat OpenShift Application Runtimes | cryptacular | Affected | ||
| Red Hat Process Automation 7 | cryptacular | Not affected | ||
| Red Hat Fuse 7.8.0 | cryptacular | Fixed | RHSA-2020:5568 | 16.12.2020 |
| Red Hat JBoss EAP 7 | cryptacular | Fixed | RHSA-2020:2515 | 10.06.2020 |
| Red Hat JBoss EAP 7.2 | cryptacular | Fixed | RHSA-2020:2061 | 11.05.2020 |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 | eap7-activemq-artemis | Fixed | RHSA-2020:2058 | 11.05.2020 |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 | eap7-apache-cxf | Fixed | RHSA-2020:2058 | 11.05.2020 |
| Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 | eap7-bouncycastle | Fixed | RHSA-2020:2058 | 11.05.2020 |
Additional information
Status:
Moderate
Weakness:
CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=1801380 (cryptacular: excessive memory allocation during a decode operation)
EPSS
Percentile: 87%
0.03282
Low
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 7.5
nvd
about 6 years ago
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.