CVE-2018-1041 – JBoss Remoting 6.14.18 - Denial of Service

https://notcve.org/view.php?id=CVE-2018-1041

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. Se ha encontrado una vulnerabilidad en la forma en la que RemoteMessageChannel, introducido en las versiones 3.3.10 de jboss-remoting, lee desde un búfer vacío. Un atacante podría emplear este error para provocar una denegación de servicio (DoS) mediante un consumo alto de CPU a través de un bucle infinito. A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. • https://www.exploit-db.com/exploits/44099 http://www.securitytracker.com/id/1040323 https://access.redhat.com/errata/RHSA-2018:0268 https://access.redhat.com/errata/RHSA-2018:0269 https://access.redhat.com/errata/RHSA-2018:0270 https://access.redhat.com/errata/RHSA-2018:0271 https://access.redhat.com/errata/RHSA-2018:0275 https://bugzilla.redhat.com/show_bug.cgi?id=1530457 https://access.redhat.com/security/cve/CVE-2018-1041 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •