Homepage
About Snyk

Uncontrolled Resource Consumption Affecting org.jboss.xnio:xnio-api package, versions [,3.8.14)

0.0
high
0
10

Snyk CVSS

    Attack Complexity Low
    Availability High

    Threat Intelligence

    EPSS 0.04% (10th percentile)
Expand this section
Red Hat
7.5 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-ORGJBOSSXNIO-6403375
  • published 7 Mar 2024
  • disclosed 5 Mar 2024
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 5 Mar 2024

CVE-2023-5685 Open this link in a new tab
CWE-400 Open this link in a new tab

How to fix?

Upgrade org.jboss.xnio:xnio-api to version 3.8.14 or higher.

Overview

org.jboss.xnio:xnio-api is a simplified low-level I/O layer which can be used anywhere you are using NIO.

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption due to the NotifierState function that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, leading to a possible denial of service.