CVE-2023-6563

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

History

27 Dec 2023, 18:49

Type Values Removed Values Added
CWE CWE-770
CPE cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.7
First Time Redhat openshift Container Platform
Redhat openshift Container Platform For Ibm Linuxone
Redhat
Redhat enterprise Linux
Redhat keycloak
Redhat single Sign-on
Redhat openshift Container Platform For Power
References () https://github.com/keycloak/keycloak/issues/13340 - () https://github.com/keycloak/keycloak/issues/13340 - Issue Tracking
References () https://access.redhat.com/security/cve/CVE-2023-6563 - () https://access.redhat.com/security/cve/CVE-2023-6563 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:7855 - () https://access.redhat.com/errata/RHSA-2023:7855 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:7856 - () https://access.redhat.com/errata/RHSA-2023:7856 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:7857 - () https://access.redhat.com/errata/RHSA-2023:7857 - Exploit
References () https://access.redhat.com/errata/RHSA-2023:7854 - () https://access.redhat.com/errata/RHSA-2023:7854 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:7858 - () https://access.redhat.com/errata/RHSA-2023:7858 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2253308 - () https://bugzilla.redhat.com/show_bug.cgi?id=2253308 - Issue Tracking

14 Dec 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 18:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-6563

Mitre link : CVE-2023-6563

CVE.ORG link : CVE-2023-6563


JSON object : View

Products Affected

redhat

  • enterprise_linux
  • openshift_container_platform_for_ibm_linuxone
  • openshift_container_platform_for_power
  • keycloak
  • openshift_container_platform
  • single_sign-on
CWE
CWE-770

Allocation of Resources Without Limits or Throttling