VDB
RHSA-2023%3A5946
RHSA-2023%3A5946
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat AMQ Broker 7 |
Timeline
- Oct 19, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:5946 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.11.3 advisory
- https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2216888 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2235370 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2239634 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5946.json advisory
- https://access.redhat.com/security/cve/CVE-2023-34462 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-34462 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-34462 advisory
- https://access.redhat.com/security/cve/CVE-2023-40167 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-40167 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-40167 advisory
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 advisory
- https://www.rfc-editor.org/rfc/rfc9110#section-8.6 advisory
- https://access.redhat.com/security/cve/CVE-2023-41080 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-41080 advisory
…and 10 more