CVE-2023-6563
CVSS v3.1: 7.7 (High)
EPSS: 0.09 % (40th percentile)
Affected Products: 6
Advisories: 1
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments that have millions of offline tokens (more than 500,000 users, each with at least 2 saved sessions). If an attacker creates two or more user sessions and an administrator then opens the "consents" tab of the admin user interface, the UI attempts to load a huge number of offline client sessions, leading to excessive memory and CPU consumption that could potentially crash the entire system.
Weaknesses
- CWE-770: Allocation of Resources Without Limits or Throttling

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2023-12-14 18:15:45 (9 months ago)
Updated Date: 2023-12-27 18:49:44 (8 months ago)
Affected Products
- Configuration #1
- Configuration #2
- Configuration #3
- Configuration #4
- Configuration #5
- Configuration #6