PT-2022-10500 · Undertow · Undertow

Guilherme De Almeida Suckevicz · Published 2022-05-24 · Updated 2023-02-07 · CVE-2021-3629

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Undertow versions prior to 2.0.40.Final
Undertow versions prior to 2.2.11.Final

Description

A flaw was found in Undertow, related to a potential security issue in flow control handling by the browser over HTTP/2, which may cause overhead or a denial of service in the server. The highest threat from this issue is availability.

Recommendations

For Undertow versions prior to 2.0.40.Final, update to version 2.0.40.Final or later.
For Undertow versions prior to 2.2.11.Final, update to version 2.2.11.Final or later.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-3629
GHSA-RF6Q-VX79-MJXR
RHSA-2021:4676
RHSA-2021:4677
RHSA-2021:5149
RHSA-2021:5150
RHSA-2021:5151

Affected Products

Undertow