PT-2018-7172 · Red Hat · Undertow

Published

2017-07-11

Updated

2019-10-09

CVE-2017-2670

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Undertow versions prior to 1.3.28

Description: A denial-of-service issue was discovered in Undertow, where a non-clean TCP close causes the Websocket server to enter an infinite loop on every IO thread.

Recommendations: For versions prior to 1.3.28, update to version 1.3.28 or later to resolve the issue.

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2017-2670

DSA-3906-1

GHSA-3X7H-5HFR-HVJM

RHSA-2017:1410

RHSA-2017:1411

RHSA-2017:1412

RHSA-2017:3454

RHSA-2017:3455

RHSA-2017:3458

Affected Products

Undertow

PT-2018-7172 · Red Hat · Undertow

CVE-2017-2670

Weakness Enumeration

Related Identifiers

Affected Products

References · 27