GHSA-p6j8-hgv5-m35g

Suggest an improvement
Source
https://github.com/advisories/GHSA-p6j8-hgv5-m35g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-p6j8-hgv5-m35g/GHSA-p6j8-hgv5-m35g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p6j8-hgv5-m35g
Aliases
Published
2022-03-18T17:58:30Z
Modified
2023-11-01T04:53:03.301682Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Uncontrolled Resource Consumption in jboss-remoting
Details

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

References

Affected packages

Maven / org.jboss.remoting:jboss-remoting

Package

Name
org.jboss.remoting:jboss-remoting
View open source insights on deps.dev
Purl
pkg:maven/org.jboss.remoting/jboss-remoting

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.20.Final

Affected versions

2.*

2.2.3.SP3
2.2.4
2.4.0.CR2
2.4.0.SP1
2.4.0.GA
2.5.0.SP1
2.5.0.SP2
2.5.0.GA
2.5.1
2.5.2.SP2
2.5.2
2.5.3.SP1
2.5.3
2.5.4.SP1
2.5.4.SP2
2.5.4.SP3
2.5.4.SP4
2.5.4.SP5

3.*

3.1.0.Beta1
3.3.0.Beta1

4.*

4.0.0.Beta1
4.0.0.Beta2
4.0.0.Beta3
4.0.0.Final
4.0.1.Final
4.0.2.Final
4.0.3.Final
4.0.4.Final
4.0.5.Beta1
4.0.5.Final
4.0.6.Final
4.0.7.Final
4.0.8.Final
4.0.9.Final
4.0.10.Final
4.0.11.Final
4.0.12.Final
4.0.13.Final
4.0.14.Final
4.0.15.Final
4.0.16.Final
4.0.16.Final-jason1
4.0.16.Final-jason2
4.0.16.Final-jason3
4.0.16.Final-jason4
4.0.16.Final-wildfly01
4.0.17.Final
4.0.17.Final-wildfly-1
4.0.18.Final
4.0.19.Final
4.0.20.Final
4.0.21.Final
4.0.22.Final
4.0.23.Final
4.0.24.Final
4.0.25.Final

5.*

5.0.0.Beta1
5.0.0.Beta2
5.0.0.Beta3
5.0.0.Beta4
5.0.0.Beta5
5.0.0.Beta6
5.0.0.Beta7
5.0.0.Beta8
5.0.0.Beta9
5.0.0.Beta10
5.0.0.Beta11
5.0.0.Beta12
5.0.0.Beta13
5.0.0.Beta14
5.0.0.Beta15
5.0.0.Beta16
5.0.0.Beta17
5.0.0.Beta18
5.0.0.Beta19
5.0.0.Beta20
5.0.0.Beta21
5.0.0.Beta22
5.0.0.Beta23
5.0.0.Beta24
5.0.0.Beta25
5.0.0.CR1
5.0.0.CR2
5.0.0.CR3
5.0.0.CR4
5.0.0.CR5
5.0.0.Final
5.0.1.Final
5.0.2.Final
5.0.3.Final
5.0.4.Final
5.0.5.Final
5.0.6.Final
5.0.7.Final
5.0.8.Final
5.0.9.Final
5.0.10.Final
5.0.11.Final
5.0.12.Final
5.0.13.Final
5.0.14.Final
5.0.15.Final
5.0.16.Final
5.0.17.Final
5.0.18.Final
5.0.19.Final

Database specific

{
    "last_known_affected_version_range": "<= 5.0.19.Final"
}