A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.
rhbk/keycloak Red Hat / RHEL
Fixed in: rhel9@sha256:9f0c7ff5d4f97775801fcc17392eaba634eceb8407b0635998a406cf784591cb_ppc64le RHSA-2024:10177 Fixed in: rhel9-operator@sha256:f42eac86465f8c2cd7c9e8d5be2f5efb0d3aa78edb065c3c7df99c89c865f07c_ppc64le RHSA-2024:10177 Fixed in: rhel9@sha256:6660b8b5c6628e835d01fbe7a464120d147d5b571cc5916afe800b2eb2b6d3d5_s390x RHSA-2024:10177 Fixed in: rhel9-operator@sha256:89607e68cfdc0741090e4fbec8e253c60fc1fc7748504ec965bdfd71a556de68_s390x RHSA-2024:10177 Fixed in: rhel9@sha256:b3cf32eb519b285c4796a9ee110e323fc58beb5780fc7ddec2467da54717b216_amd64 RHSA-2024:10177 Fixed in: operator-bundle@sha256:df1759af072286178f29d7b70cb44cacf29698449b5aaf7284b7eaf3086ae7a7_amd64 RHSA-2024:10177 Fixed in: rhel9-operator@sha256:9d5a5d7a2caadab9479b3c76c1a58a4706335317aa140c56f2444131aaa75fec_amd64 RHSA-2024:10177 Fixed in: rhel9@sha256:0d281d30fa7f931cabd50b24c908c2b61c1fc527326626ad4fff548e47bfd577_ppc64le RHSA-2024:10175 Fixed in: rhel9-operator@sha256:446294f7b35b9e1a3ad908ceab53fabbd1b8dfa0535e6b9a7acebcd038a2507a_ppc64le RHSA-2024:10175 Fixed in: rhel9@sha256:69f6df6ec90aca5d801c6724e5350700548d8903a4be3aef7a1bb95bbbbdb0c6_amd64 RHSA-2024:10175 Fixed in: operator-bundle@sha256:b88294b9033853bf4874fe5f14757c217c7ab3901dfd6ded46b880fd9bd9543b_amd64 RHSA-2024:10175 Fixed in: rhel9-operator@sha256:3c74dc71609ff709e4221145dbca43ea1fd973789d3b380a00402e7700d10b68_amd64 RHSA-2024:10175 Fixed in: rhel9@sha256:801d2ade5b61cadf0508f347881ae496e679725a6052653619044a63938b8184_s390x RHSA-2024:10175 Fixed in: rhel9-operator@sha256:b0259432bac5499e7ea08136ef8357851d1f5be64a3b5086cdf46bfaac9d50b0_s390x RHSA-2024:10175 rhbk/keycloak Rocky
Fixed in: rhel9@sha256:9f0c7ff5d4f97775801fcc17392eaba634eceb8407b0635998a406cf784591cb_ppc64le RHSA-2024:10177 Fixed in: rhel9-operator@sha256:f42eac86465f8c2cd7c9e8d5be2f5efb0d3aa78edb065c3c7df99c89c865f07c_ppc64le RHSA-2024:10177 Fixed in: rhel9@sha256:6660b8b5c6628e835d01fbe7a464120d147d5b571cc5916afe800b2eb2b6d3d5_s390x RHSA-2024:10177 Fixed in: rhel9-operator@sha256:89607e68cfdc0741090e4fbec8e253c60fc1fc7748504ec965bdfd71a556de68_s390x RHSA-2024:10177 Fixed in: rhel9@sha256:b3cf32eb519b285c4796a9ee110e323fc58beb5780fc7ddec2467da54717b216_amd64 RHSA-2024:10177 Fixed in: operator-bundle@sha256:df1759af072286178f29d7b70cb44cacf29698449b5aaf7284b7eaf3086ae7a7_amd64 RHSA-2024:10177 Fixed in: rhel9-operator@sha256:9d5a5d7a2caadab9479b3c76c1a58a4706335317aa140c56f2444131aaa75fec_amd64 RHSA-2024:10177 Fixed in: rhel9@sha256:0d281d30fa7f931cabd50b24c908c2b61c1fc527326626ad4fff548e47bfd577_ppc64le RHSA-2024:10175 Fixed in: rhel9-operator@sha256:446294f7b35b9e1a3ad908ceab53fabbd1b8dfa0535e6b9a7acebcd038a2507a_ppc64le RHSA-2024:10175 Fixed in: rhel9@sha256:69f6df6ec90aca5d801c6724e5350700548d8903a4be3aef7a1bb95bbbbdb0c6_amd64 RHSA-2024:10175 Fixed in: operator-bundle@sha256:b88294b9033853bf4874fe5f14757c217c7ab3901dfd6ded46b880fd9bd9543b_amd64 RHSA-2024:10175 Fixed in: rhel9-operator@sha256:3c74dc71609ff709e4221145dbca43ea1fd973789d3b380a00402e7700d10b68_amd64 RHSA-2024:10175 Fixed in: rhel9@sha256:801d2ade5b61cadf0508f347881ae496e679725a6052653619044a63938b8184_s390x RHSA-2024:10175 Fixed in: rhel9-operator@sha256:b0259432bac5499e7ea08136ef8357851d1f5be64a3b5086cdf46bfaac9d50b0_s390x RHSA-2024:10175 Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Impact
Confidentiality None
Integrity None
Availability High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.26% probability of exploitation in 30 days
66th percentile
Moderate risk: more likely to be exploited than 66% of all known CVEs.
Other CWE-1333 vulnerabilities, ordered by exploit likelihood. View all
Embed a live status badge for CVE-2024-10270 Markdown
[](https://tridentstack.com/cve/CVE-2024-10270)HTML
<a href="https://tridentstack.com/cve/CVE-2024-10270"><img src="https://tridentstack.com/cve/badge/CVE-2024-10270.svg" alt="CVE-2024-10270"></a>Find and fix vulnerabilities across your fleet TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start free This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-06.