CVE-2018-10864

Impact:
Low
Public Date:
2018-06-21
CWE:
CWE-400
Bugzilla:
1593627: CVE-2018-10864 redhat-certification: resource consumption in DocumentBase:loadFiltered
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.

Find out more about CVE-2018-10864 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.3
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Certification for Red Hat Enterprise Linux 7 (redhat-certification) RHSA-2018:2373 2018-08-09

Acknowledgements

This issue was discovered by Riccardo Schirone (Red Hat Product Security).

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.