RHSA-2023:5165HighCVSS 9.8

Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update

Published
September 14, 2023
Last Modified
June 6, 2026

🔗 CVE IDs covered (15)

📋 Description

CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-24823 — netty: world readable temporary file containing sensitive data CVE-2022-36944 — scala: deserialization gadget chain CVE-2023-0482 — RESTEasy: creation of insecure temp files CVE-2023-2976 — guava: insecure temporary directory creation CVE-2023-3635 — okio: GzipSource class improper exception handling CVE-2023-26048 — jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() CVE-2023-26049 — jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-33201 — bouncycastle: potential blind LDAP injection attack using a self-signed certificate CVE-2023-34453 — snappy-java: Integer overflow in shuffle leads to DoS CVE-2023-34454 — snappy-java: Integer overflow in compress leads to DoS CVE-2023-34455 — snappy-java: Unchecked chunk length leads to DoS CVE-2023-34462 — netty: SniHandler 16MB allocation leads to OOM

🔗 References (21)