GHSA-p6j8-hgv5-m35g

Source

https://github.com/advisories/GHSA-p6j8-hgv5-m35g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-p6j8-hgv5-m35g/GHSA-p6j8-hgv5-m35g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p6j8-hgv5-m35g

Aliases

CVE-2020-35510

Published

2022-03-18T17:58:30Z

Modified

2023-11-08T04:03:34.443926Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Uncontrolled Resource Consumption in jboss-remoting

Details

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

References

Affected packages

Maven / org.jboss.remoting:jboss-remoting

Package

Name: org.jboss.remoting:jboss-remoting; View open source insights on deps.dev
Purl: pkg:maven/org.jboss.remoting/jboss-remoting

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.20.Final

Affected versions

2.*

2.2.3.SP3

2.2.4

2.4.0.CR2

2.4.0.SP1

2.4.0.GA

2.5.0.SP1

2.5.0.SP2

2.5.0.GA

2.5.1

2.5.2.SP2

2.5.2

2.5.3.SP1

2.5.3

2.5.4.SP1

2.5.4.SP2

2.5.4.SP3

2.5.4.SP4

2.5.4.SP5

3.*

3.1.0.Beta1

3.3.0.Beta1

4.*

4.0.0.Beta1

4.0.0.Beta2

4.0.0.Beta3

4.0.0.Final

4.0.1.Final

4.0.2.Final

4.0.3.Final

4.0.4.Final

4.0.5.Beta1

4.0.5.Final

4.0.6.Final

4.0.7.Final

4.0.8.Final

4.0.9.Final

4.0.10.Final

4.0.11.Final

4.0.12.Final

4.0.13.Final

4.0.14.Final

4.0.15.Final

4.0.16.Final

4.0.16.Final-jason1

4.0.16.Final-jason2

4.0.16.Final-jason3

4.0.16.Final-jason4

4.0.16.Final-wildfly01

4.0.17.Final

4.0.17.Final-wildfly-1

4.0.18.Final

4.0.19.Final

4.0.20.Final

4.0.21.Final

4.0.22.Final

4.0.23.Final

4.0.24.Final

4.0.25.Final

5.*

5.0.0.Beta1

5.0.0.Beta2

5.0.0.Beta3

5.0.0.Beta4

5.0.0.Beta5

5.0.0.Beta6

5.0.0.Beta7

5.0.0.Beta8

5.0.0.Beta9

5.0.0.Beta10

5.0.0.Beta11

5.0.0.Beta12

5.0.0.Beta13

5.0.0.Beta14

5.0.0.Beta15

5.0.0.Beta16

5.0.0.Beta17

5.0.0.Beta18

5.0.0.Beta19

5.0.0.Beta20

5.0.0.Beta21

5.0.0.Beta22

5.0.0.Beta23

5.0.0.Beta24

5.0.0.Beta25

5.0.0.CR1

5.0.0.CR2

5.0.0.CR3

5.0.0.CR4

5.0.0.CR5

5.0.0.Final

5.0.1.Final

5.0.2.Final

5.0.3.Final

5.0.4.Final

5.0.5.Final

5.0.6.Final

5.0.7.Final

5.0.8.Final

5.0.9.Final

5.0.10.Final

5.0.11.Final

5.0.12.Final

5.0.13.Final

5.0.14.Final

5.0.15.Final

5.0.16.Final

5.0.17.Final

5.0.18.Final

5.0.19.Final

Database specific

{
    "last_known_affected_version_range": "<= 5.0.19.Final"
}