Uncontrolled Resource Consumption Affecting org.jboss.xnio:xnio-api package, versions [,3.8.14)
Snyk CVSS
Attack Complexity
Low
Availability
High
Threat Intelligence
EPSS
0.04% (10th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJBOSSXNIO-6403375
- published 7 Mar 2024
- disclosed 5 Mar 2024
- credit Unknown
Introduced: 5 Mar 2024
CVE-2023-5685 Open this link in a new tabHow to fix?
Upgrade org.jboss.xnio:xnio-api
to version 3.8.14 or higher.
Overview
org.jboss.xnio:xnio-api is a simplified low-level I/O layer which can be used anywhere you are using NIO.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption due to the NotifierState
function that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, leading to a possible denial of service.