// For flags

CVE-2023-5685

Xnio: stackoverflowexception when the chain of notifier states becomes problematically big

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

Se encontró una falla en XNIO. El XNIO NotifierState que puede provocar una excepción de desbordamiento de pila cuando la cadena de estados de notificador se vuelve problemáticamente grande puede provocar una gestión descontrolada de recursos y una posible denegación de servicio (DoS).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-10-20 CVE Reserved
  • 2024-03-22 CVE Published
  • 2024-04-26 EPSS Updated
  • 2024-11-26 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
 Apache-camel-spring-boot
Search vendor "Redhat" for product "Apache-camel-spring-boot"
*-
Affected
Redhat
Search vendor "Redhat"
 Build Keycloak
Search vendor "Redhat" for product "Build Keycloak"
*-
Affected
Redhat
Search vendor "Redhat"
 Build Of Keycloak
Search vendor "Redhat" for product "Build Of Keycloak"
*-
Affected
Redhat
Search vendor "Redhat"
 Camel Spring Boot
Search vendor "Redhat" for product "Camel Spring Boot"
*-
Affected
Redhat
Search vendor "Redhat"
 Data Grid
Search vendor "Redhat" for product "Data Grid"
*-
Affected
Redhat
Search vendor "Redhat"
 Integration
Search vendor "Redhat" for product "Integration"
*-
Affected
Redhat
Search vendor "Redhat"
 Integration Camel K
Search vendor "Redhat" for product "Integration Camel K"
*-
Affected
Redhat
Search vendor "Redhat"
 Jboss Data Grid
Search vendor "Redhat" for product "Jboss Data Grid"
*-
Affected
Redhat
Search vendor "Redhat"
 Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
*-
Affected
Redhat
Search vendor "Redhat"
 Jboss Enterprise Application Platform Eus
Search vendor "Redhat" for product "Jboss Enterprise Application Platform Eus"
*-
Affected
Redhat
Search vendor "Redhat"
 Jboss Enterprise Bpms Platform
Search vendor "Redhat" for product "Jboss Enterprise Bpms Platform"
*-
Affected
Redhat
Search vendor "Redhat"
 Jboss Fuse
Search vendor "Redhat" for product "Jboss Fuse"
*-
Affected
Redhat
Search vendor "Redhat"
 Jboss Fuse Service Works
Search vendor "Redhat" for product "Jboss Fuse Service Works"
*-
Affected
Redhat
Search vendor "Redhat"
 Jbosseapxp
Search vendor "Redhat" for product "Jbosseapxp"
*-
Affected
Redhat
Search vendor "Redhat"
 Process Automation
Search vendor "Redhat" for product "Process Automation"
*-
Affected
Redhat
Search vendor "Redhat"
 Red Hat Single Sign On
Search vendor "Redhat" for product "Red Hat Single Sign On"
*-
Affected
Redhat
Search vendor "Redhat"
 Rhboac Hawtio
Search vendor "Redhat" for product "Rhboac Hawtio"
*-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
*-
Affected