A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
[
{
"product": "jboss-remoting",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "since 3.3.10"
}
]
}
]
www.securitytracker.com/id/1040323
access.redhat.com/errata/RHSA-2018:0268
access.redhat.com/errata/RHSA-2018:0269
access.redhat.com/errata/RHSA-2018:0270
access.redhat.com/errata/RHSA-2018:0271
access.redhat.com/errata/RHSA-2018:0275
bugzilla.redhat.com/show_bug.cgi?id=1530457
www.exploit-db.com/exploits/44099/