How severe is CVE-2023-26464?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-26464?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2023-26464 - HIGH Severity | CVSS 7.5

Vulnerability Description

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Related Vulnerabilities

CVE-2016-4483

HIGH

CVSS:7.5(High)

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute ...

CWE-5022016

CVE-2017-1000195

HIGH

CVSS:7.5(High)

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

CWE-5022017

CVE-2017-15693

HIGH

CVSS:7.5(High)

In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:W...

CWE-5022017

CVE-2017-8804

HIGH

CVSS:7.5(High)

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual ...

CWE-5022017

CVE-2017-9844

HIGH

CVSS:7.5(High)

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP S...

CWE-5022017

CVE-2018-0824

HIGH

CVSS:7.5(High)

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." Th...

CWE-5022018