CVE-2022-0084

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*"
        }
    ]
}

References

Affected packages

Git / github.com/xnio/xnio

Affected ranges

Type

GIT

Repo

https://github.com/xnio/xnio

Events

Introduced

Fixed

d1811eae5d59830fb3f86cd796cccae3a48b5565

Fixed

fdefb3b8b715d33387cadc4d48991fb1989b0c12

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.7"
        }
    ],
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*"
}

Affected versions

2.*

2.0.0.GA

2.1.0.CR1

2.1.0.CR2

3.*

3.0.0.Beta1

3.0.0.Beta2

3.0.0.Beta3

3.0.0.Beta4

3.0.0.Beta5

3.0.0.Beta6

3.0.0.Beta7

3.0.0.Beta8

3.0.0.Beta9

3.0.0.CR1

3.0.0.CR2

3.0.0.CR3

3.0.0.CR4

3.0.0.CR5

3.0.0.CR6

3.0.0.CR7

3.0.0.GA

3.1.0.Beta1

3.1.0.Beta2

3.1.0.Beta3

3.1.0.Beta4

3.1.0.Beta5

3.1.0.Beta6

3.1.0.Beta7

3.1.0.Beta8

3.1.0.Beta9

3.1.0.CR1

3.1.0.CR2

3.1.0.CR3

3.1.0.CR4

3.1.0.CR5

3.1.0.CR6

3.1.0.CR7

3.1.0.Final

3.2.0.Beta1

3.2.0.Beta2

3.2.0.Beta3

3.2.0.Beta4

3.2.0.Final

3.3.0.Beta1

3.3.0.Beta2

3.4.0.Beta1

3.4.0.Beta2

3.4.0.Beta3

3.4.0.Final

3.5.0.Beta1

3.5.0.Beta2

3.5.0.Beta3

3.5.0.Beta4

3.5.0.Beta5

3.5.0.Beta6

3.5.0.Beta7

3.5.0.CR1

3.5.0.CR2

3.5.0.Final

3.5.1.Final

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0084.json"