PT-2024-2943 · Red Hat · Undertow+1

Chess Hazlett

Published

2024-04-04

Updated

2024-11-15

CVE-2023-1973

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Enterprise Application Platform (affected versions not specified) Undertow (affected versions not specified)

Description A flaw was found in the Undertow package, allowing a malicious user to trigger a Denial of Service by sending crafted requests, leading the server to an Out-of-Memory error, exhausting the server's memory. The vulnerability exists due to insufficient input validation. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-400

Related Identifiers

BDU:2024-03110

CVE-2023-1973

GHSA-97CQ-F4JM-MV8H

OESA-2024-2419

RHSA-2024:1674

RHSA-2024:1675

RHSA-2024:1676

RHSA-2024:2764

RHSA-2025:4226

RHSA-2025:9583

Affected Products

Red Hat Jboss Enterprise Application Platform

Undertow

PT-2024-2943 · Red Hat · Undertow+1

CVE-2023-1973

Weakness Enumeration

Related Identifiers

Affected Products

References · 58