CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0084 – xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
https://notcve.org/view.php?id=CVE-2022-0084
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. Se ha encontrado un fallo en XNIO, concretamente en el método notifyReadClosed. El problema reveló que este método estaba registrando un mensaje a otro extremo esperado. • https://access.redhat.com/security/cve/CVE-2022-0084 https://bugzilla.redhat.com/show_bug.cgi?id=2064226 https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12 https://github.com/xnio/xnio/pull/291 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14340 – xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
https://notcve.org/view.php?id=CVE-2020-14340
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. Se detectó una vulnerabilidad en XNIO en la que se produce un filtrado de descriptores de archivos causada por el crecimiento de la cantidad de manejadores de archivos NIO Selector entre los ciclos de recolección de basura. Puede permitir al atacante causar una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1860218 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-14340 • CWE-400: Uncontrolled Resource Consumption •