PT-2022-10483 · Undertow · Undertow
Guilherme De Almeida Suckevicz · Published 2022-05-24 · Updated 2022-11-10 · CVE-2021-3597
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Undertow versions prior to 2.0.35.SP1
Undertow versions prior to 2.0.36.SP1
Undertow versions prior to 2.0.39.Final
Undertow versions prior to 2.2.6.SP1
Undertow versions prior to 2.2.7.SP1
Undertow versions prior to 2.2.9.Final
Description
A flaw was found in Undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability.
Recommendations
For versions prior to 2.0.35.SP1, update to version 2.0.35.SP1 or later.
For versions prior to 2.0.36.SP1, update to version 2.0.36.SP1 or later.
For versions prior to 2.0.39.Final, update to version 2.0.39.Final or later.
For versions prior to 2.2.6.SP1, update to version 2.2.6.SP1 or later.
For versions prior to 2.2.7.SP1, update to version 2.2.7.SP1 or later.
For versions prior to 2.2.9.Final, update to version 2.2.9.Final or later.
Fix
DoS
Race Condition
Affected Products
Undertow