Back to bug 2182864

Who When What Removed Added
Chess Hazlett 2023-03-29 20:15:48 UTC Doc Text
Removed: When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2.
Added: When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
Chess Hazlett 2023-03-29 20:32:05 UTC CC aileenc, alampare, alazarot, anstephe, ataylor, avibelli, bbuckingham, bcourt, bdettelb, bgeorges, boliveir, clement.escoffier, cmoulliard, csutherl, dandread, dhanak, drichtar, eglynn, ehelms, emingora, gjospin, gmalinko, gparvin, gsmet, hamadhan, hbraun, hhorak, ibek, ikanello, janstey, jcantril, jclere, jjoyce, jmartisk, jolee, jorton, jpavlik, jrokos, jross, jschatte, jscholz, jsherril, jstastny, jwendell, kverlaen, lbacciot, lhh, lthon, lzap, max.andersen, mburns, mgarciac, mhulan, mizdebsk, mmadzin, mnovotny, mokumar, myarboro, nboldt, njean, nmoumoul, orabin, owatkins, pahickey, pcreech, pdrozd, peholase, periklis, pgallagh, probinso, pskopek, rcernich, rchan, rguimara, rjohnson, rkieley, rowaters, rrajasek, rruss, rsvoboda, sbiarozk, scorneli, sdouglas, spower, stcannon, sthorger, swoodman, szappis, teagle, twalsh
Paige Jung 2023-03-29 20:58:36 UTC Doc Text
Removed: When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
Added: A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
Chess Hazlett 2023-03-29 21:55:49 UTC Depends On 2182893
Chess Hazlett 2023-03-29 22:00:27 UTC CC abenaiss, dfreiber, ellin, jburrell, rogbas, shbose, vkumar
Chess Hazlett 2023-03-29 22:41:00 UTC CC almacdon, jkang, jvanek, rhcs-maint
Chess Hazlett 2023-03-29 22:41:19 UTC Depends On 2182903
Chess Hazlett 2023-03-29 23:03:01 UTC Depends On 2182923, 2182909, 2182915, 2182913, 2182916, 2182912, 2182918, 2182928, 2182911, 2182919, 2182908, 2182907, 2182910, 2182920, 2182926, 2182924, 2182906, 2182922, 2182927, 2182925, 2182921, 2182917, 2182914
TEJ RATHI 2023-03-30 04:03:10 UTC Doc Type --- If docs needed, set a value
Marek Novotny 2023-03-30 09:44:35 UTC Flags needinfo?(chazlett)
Chess Hazlett 2023-03-30 19:58:43 UTC Flags needinfo?(chazlett)
Marián Konček 2023-05-15 12:07:43 UTC Flags needinfo?(chazlett)
CC mkoncek
Red Hat Bugzilla 2023-05-15 18:03:40 UTC CC rrajasek
Red Hat Bugzilla 2023-05-16 09:27:31 UTC CC mokumar
Chess Hazlett 2023-05-17 16:26:47 UTC Flags needinfo?(chazlett)
errata-xmlrpc 2023-06-19 10:13:21 UTC Link ID Red Hat Product Errata RHSA-2023:3663
Product Security DevOps Team 2023-06-19 20:38:00 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2023-06-19 20:38:00 UTC
