CVE-2023-5685: Xnio: stackoverflowexception when the chain of notifier states becomes problematically big

Description

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

Classification

CVE ID: CVE-2023-5685

Affected Products

Vendor: Red Hat

Product: EAP 7.4.14

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 15.23% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://access.redhat.com/errata/RHSA-2023:7637
https://access.redhat.com/errata/RHSA-2023:7638
https://access.redhat.com/errata/RHSA-2023:7639
https://access.redhat.com/errata/RHSA-2023:7641
https://access.redhat.com/errata/RHSA-2024:10207
https://access.redhat.com/errata/RHSA-2024:10208
https://access.redhat.com/errata/RHSA-2024:2707
https://access.redhat.com/security/cve/CVE-2023-5685
https://bugzilla.redhat.com/show_bug.cgi?id=2241822

Timeline

2024-11-27 14:41:47 UTC
CVE

Xnio: stackoverflowexception when the chain of notifier states becomes problematically big