GHSA-76fg-mhrg-fmmg

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-76fg-mhrg-fmmg/GHSA-76fg-mhrg-fmmg.json

Aliases

CVE-2022-0084

Published

2022-08-27T00:00:44Z

Modified

2023-03-18T05:53:57.738856Z

Details

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. A fix for this issue is available on the 3.x branch of the repository.

References

Affected packages

Maven / org.jboss.xnio:xnio-all

org.jboss.xnio:xnio-all

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

3.*

3.0.0.CR1

3.0.0.CR2

3.0.0.CR3

3.0.0.CR4

3.0.0.CR5

3.0.0.CR5-frainone-1

3.0.0.CR6

3.0.0.CR7

3.0.0.GA

3.0.1.GA

3.0.10.GA

3.0.11.GA

3.0.12.GA

3.0.13.GA

3.0.14.GA

3.0.15.GA

3.0.16.GA

3.0.17.GA

3.0.2.GA

3.0.3.GA

3.0.4.GA

3.0.5.GA

3.0.6.GA

3.0.7.GA

3.0.8.GA

3.0.9.GA

3.1.0.Beta1

3.1.0.Beta2

3.1.0.Beta3

3.1.0.Beta4

3.1.0.Beta5

3.1.0.Beta6

3.1.0.Beta7

3.1.0.Beta8

3.1.0.Beta9

3.1.0.CR1

3.1.0.CR2

3.1.0.CR3

3.1.0.CR4

3.1.0.CR5

3.1.0.CR6

3.1.0.CR7

3.1.0.Final

3.2.0.Beta1

3.2.0.Beta2

3.2.0.Beta3

3.2.0.Beta4

3.2.0.Final

3.2.1.Final

3.2.2.Final

3.2.3.Final

3.3.0.Beta1

3.3.0.Beta2

3.3.0.Beta3

3.3.0.Beta4

3.3.0.Beta5

3.3.0.Final

3.3.1.Final

3.3.2.Final

3.3.3.Final

3.3.4.Final

3.3.5.Final

3.3.6.Final

3.3.7.Final

3.3.8.Final

3.4.0.Beta1

3.4.0.Beta2

3.4.0.Beta3

3.4.0.Final

3.4.1.Final

3.4.2.Final

3.4.3.Final

3.4.4.Final

3.4.5.Final

3.4.6.Final

3.4.7.Final

3.5.0.Beta1

3.5.0.Beta2

3.5.0.Beta3

3.5.0.Beta4

3.5.0.Beta5

3.5.0.Beta6

3.5.0.Beta7

3.5.0.CR1

3.5.0.CR2

3.5.0.Final

3.5.1.Final

3.5.2.Final

3.5.3.Final

3.5.4.Final

3.5.5.Final

3.5.6.Final

3.5.7.Final

3.5.8.Final

3.5.9.Final

3.6.0.Beta1

3.6.0.Beta2

3.6.0.Final

3.6.1.Final

3.6.2.Final

3.6.3.Final

3.6.4.Final

3.6.5.Final

3.6.6.Final

3.6.7.Final

3.6.8.Final

3.6.9.Final

3.7.0.Final

3.7.1.Final

3.7.10.Final

3.7.11.Final

3.7.12.Final

3.7.2.Final

3.7.3.Final

3.7.4.Final

3.7.5.Final

3.7.6.Final

3.7.7.Final

3.7.8.Final

3.7.9.Final

3.8.0.Final

3.8.1.Final

3.8.2.Final

3.8.3.Final

3.8.4.Final

3.8.5.Final

3.8.6.Final

3.8.7.Final

3.8.8.Final

Database specific

{
    "last_known_affected_version_range": "<= 3.8.7.Final"
}