CVE-2024-10270

MEDIUM

Keycloak-services < 24.0.9 - Denial of Service via Regex Complexity in SearchQueryUtils

Title source: llm

Description

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

References (8)

Core 8

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:10175

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:10176

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:10177

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:10178

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-10270

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2321214

https://github.com/advisories/GHSA-wq8x-cg39-8mrr

https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4

View Patch ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0125

EPSS Percentile 65.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1333

Status published

Products (11)

org.keycloak/keycloak-services 0 - 24.0.9Maven

Red Hat/Red Hat build of Keycloak 24 24-18

Red Hat/Red Hat build of Keycloak 24 24.0.9-1

Red Hat/Red Hat build of Keycloak 24.0.9

Red Hat/Red Hat build of Keycloak 26.0 26.0-5

Red Hat/Red Hat build of Keycloak 26.0 26.0-6

Red Hat/Red Hat build of Keycloak 26.0 26.0.6-2

Red Hat/Red Hat build of Keycloak 26.0.6

Red Hat/Red Hat JBoss Enterprise Application Platform 8

Red Hat/Red Hat JBoss Enterprise Application Platform Expansion Pack

... and 1 more

Published Nov 25, 2024

Tracked Since Feb 18, 2026