Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAB8XdGDHH_p+JHm8X=h10nBzJjFhcwH2ueiAccrHDfeGhcDTzw@mail.gmail.com>
Date: Mon, 20 Jan 2025 15:24:18 +0000
From: Colm O hEigeartaigh <coheigea@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2025-23184: Apache CXF: Denial of Service vulnerability with
 temporary files

Affected versions:

- Apache CXF before 3.5.10
- Apache CXF 3.6.0 before 3.6.5
- Apache CXF 4.0.0 before 4.0.6

Description:

A potential denial of service vulnerability is present in versions of
Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the
CachedOutputStream instances may not be closed and, if backed by
temporary files, may fill up the file system (it applies to servers
and clients).

This issue is being tracked as CXF-7396

References:

https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-23184
https://issues.apache.org/jira/browse/CXF-7396

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.