Bug 2339095 (CVE-2025-23184)
| Summary: | CVE-2025-23184 org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | anstephe, asoldano, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, chfoley, clement.escoffier, cmiranda, dandread, darran.lofthouse, dhanak, dkreling, dosoudil, drichtar, ecerquei, fjuma, fmariani, fmongiar, gmalinko, gsmet, ibek, istudens, ivassile, iweiss, janstey, jcantril, jkoops, jmartisk, jnethert, jpoth, jrokos, jscholz, kverlaen, lgao, lthon, manderse, mnovotny, mosmerov, msochure, msvehla, nwallace, olubyans, pcongius, pdelbell, pdrozd, peholase, pesilva, pgallagh, pjindal, pmackay, probinso, pskopek, rguimara, rmartinc, rojacob, rowaters, rruss, rstancel, rstepani, rsvoboda, sausingh, sbiarozk, smaestri, sthorger, swoodman, tcunning, tom.jenkinson, tqvarnst, yfang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-01-21 10:01:10 UTC
|