CVE-2024-5971

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified)

Description: A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent, but the client would continue waiting as Undertow does not send the expected 0r termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

BDU:2026-00138

CVE-2024-5971

GHSA-XPP6-8R3J-WW43

RHSA-2024:5143

RHSA-2024:5144

RHSA-2024:5145

Affected Products

Undertow

CVE-2024-5971

Weakness Enumeration

Related Identifiers

Affected Products

References · 31