Curl does not have a limit on the size or quantity of headers it would accept in a response, allowing a malicious server to stream an endless series of headers to a client and eventually cause curl to run out of heap memory.
Created curl tracking bugs for this issue: Affects: fedora-all [bug 2239136]
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2023:7625 https://access.redhat.com/errata/RHSA-2023:7625
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2023:7626 https://access.redhat.com/errata/RHSA-2023:7626