CVE-2022-0084

Опубликовано: 15 мар. 2022

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.

Отчет

Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Decision Manager 7	xnio	Not affected
Red Hat Integration Camel K 1	xnio	Will not fix
Red Hat Integration Camel Quarkus 1	xnio	Will not fix
Red Hat Integration Data Virtualisation Operator	xnio	Out of support scope
Red Hat JBoss Data Grid 7	xnio	Out of support scope
Red Hat JBoss Data Virtualization 6	xnio	Out of support scope
Red Hat JBoss Enterprise Application Platform 6	jbossas-modules-eap	Out of support scope
Red Hat JBoss Enterprise Application Platform 6	jboss-on	Out of support scope
Red Hat JBoss Enterprise Application Platform 6	jboss-xnio-base	Out of support scope
Red Hat JBoss Enterprise Application Platform 6	keycloak-adapter-eap6	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-770

https://bugzilla.redhat.com/show_bug.cgi?id=2064226xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

EPSS

Процентиль: 64%

0.00465

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-0084

CVSS3: 7.5

ubuntu

больше 3 лет назад

CVE-2022-0084

CVSS3: 7.5

nvd

больше 3 лет назад

CVE-2022-0084

CVSS3: 7.5

debian

больше 3 лет назад

A flaw was found in XNIO, specifically in the notifyReadClosed method. ...

GHSA-76fg-mhrg-fmmg

CVSS3: 7.5

github

больше 3 лет назад

XNIO `notifyReadClosed` method logging message to unexpected end

EPSS

Процентиль: 64%

0.00465

Низкий

7.5 High

CVSS3