CVE-2018-1041
JBoss Remoting 6.14.18 - Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Se ha encontrado una vulnerabilidad en la forma en la que RemoteMessageChannel, introducido en las versiones 3.3.10 de jboss-remoting, lee desde un búfer vacío. Un atacante podría emplear este error para provocar una denegación de servicio (DoS) mediante un consumo alto de CPU a través de un bucle infinito.
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-04 CVE Reserved
- 2018-02-05 CVE Published
- 2018-02-16 First Exploit
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1040323 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/146423 | 2018-02-16 | |
| https://www.exploit-db.com/exploits/44099 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0268 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:0269 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:0270 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:0271 | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:0275 | 2019-10-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1530457 | 2018-02-05 | |
| https://access.redhat.com/security/cve/CVE-2018-1041 | 2018-02-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 5.0 Search vendor "Redhat" for product "Linux" and version "5.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 6.0 Search vendor "Redhat" for product "Linux" and version "6.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 7.0 Search vendor "Redhat" for product "Linux" and version "7.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.4.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.4.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 5.0 Search vendor "Redhat" for product "Linux" and version "5.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.4.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.4.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 6.0 Search vendor "Redhat" for product "Linux" and version "6.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.4.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.4.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Linux Search vendor "Redhat" for product "Linux" | 7.0 Search vendor "Redhat" for product "Linux" and version "7.0" | - |
Safe
|
| Jboss Search vendor "Jboss" | Jboss-remoting Search vendor "Jboss" for product "Jboss-remoting" | 3.3.10 Search vendor "Jboss" for product "Jboss-remoting" and version "3.3.10" | - |
Affected
| ||||||