CVE-2018-1041

EUVD-2018-11701
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
jbossjboss-remoting
3.3.10
redhatjboss_enterprise_application_platform
6.0.0
redhatjboss_enterprise_application_platform
6.4.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libjboss-remoting-java
artful
dne
bionic
dne
cosmic
dne
disco
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1040323
https://access.redhat.com/errata/RHSA-2018:0268
https://access.redhat.com/errata/RHSA-2018:0269
https://access.redhat.com/errata/RHSA-2018:0270
https://access.redhat.com/errata/RHSA-2018:0271
https://access.redhat.com/errata/RHSA-2018:0275
https://bugzilla.redhat.com/show_bug.cgi?id=1530457
https://www.exploit-db.com/exploits/44099/
http://www.securitytracker.com/id/1040323
https://access.redhat.com/errata/RHSA-2018:0268
https://access.redhat.com/errata/RHSA-2018:0269
https://access.redhat.com/errata/RHSA-2018:0270
https://access.redhat.com/errata/RHSA-2018:0271
https://access.redhat.com/errata/RHSA-2018:0275
https://bugzilla.redhat.com/show_bug.cgi?id=1530457
https://www.exploit-db.com/exploits/44099/