CVE-2022-0853

HIGH

Red Hat Decision Manager - Memory Leak via UserTransaction

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-0853. PoCs published by ByteHackr, bytehackr.

AI-analyzed exploit summary The repository describes a memory leak vulnerability (CVE-2022-0853) in the JBoss client when using UserTransaction repeatedly. The provided code snippet demonstrates the issue by iterating transactions 500,000 times, leading to significant memory consumption by TransactionClientChannel.

Description

A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.

Exploits (2)

nomisec WRITEUP 9 stars
by ByteHackr · poc
https://github.com/ByteHackr/CVE-2022-0853

The repository describes a memory leak vulnerability (CVE-2022-0853) in the JBoss client when using UserTransaction repeatedly. The provided code snippet demonstrates the issue by iterating transactions 500,000 times, leading to significant memory consumption by TransactionClientChannel.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: JBoss EAP 7.3 (jboss-client)
Auth required
Prerequisites: Access to a JBoss EAP 7.3 server with valid credentials · Ability to execute remote EJB calls
devstral-2 · analyzed Feb 16, 2026 Full analysis →
gitlab WRITEUP
by bytehackr · poc
https://gitlab.com/bytehackr/CVE-2022-0853

The repository provides a technical description and code snippet demonstrating a memory leak vulnerability in JBoss client-side transactions. It details how repeated use of UserTransaction leads to memory exhaustion, with specific mention of the affected component (org.wildfly.transaction.client.provider.remoting.TransactionClientChannel).

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: JBoss EAP 7.3
Auth required
Prerequisites: Access to a JBoss EAP 7.3 instance with EJB deployed · Valid credentials for authentication
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (2)

Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2060725
Exploit, Third Party Advisory x_refsource_misc
https://github.com/ByteHackr/CVE-2022-0853

Scores

CVSS v3 7.5
EPSS 0.0143
EPSS Percentile 69.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-401
Status published
Products (5)
redhat/descision_manager 7.0
redhat/jboss_enterprise_application_platform 7.0.0
redhat/jboss_enterprise_application_platform_expansion_pack
redhat/process_automation 7.0
redhat/single_sign-on 7.0
Published Mar 11, 2022
Tracked Since Feb 18, 2026