CVE-2017-2646 HIGH

CVE-2017-2646

Vendor Red Hat

Product keycloak

Weakness CWE-835

Published July 27, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.

Key dates

02Disclosure timeline

July 27, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-2646

Related vulnerabilities

04Related CVE

CVE-2026-24816 Cookie Security Vulnerabilities in datavane/tis CVE-2026-27114 NanaZip has ROMFS Archive Infinite Loop CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop CVE-2024-10907 Denial of Service (DoS) via Multipart Boundary in lm-sys/fastchat CVE-2023-0437 MongoDB client C Driver may infinitely loop when validating certain BSON input data