Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3690

Опубликовано: 23 авг. 2022
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
Версия до 2.0.40 (исключая)
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
Версия от 2.1.0 (включая) до 2.2.10 (исключая)
Конфигурация 2

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 51%
0.00278
Низкий

7.5 High

CVSS3

Дефекты

CWE-400
CWE-401

Связанные уязвимости

ubuntu логотип

CVE-2021-3690

CVSS3: 7.5
ubuntu
больше 3 лет назад

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

redhat логотип

CVE-2021-3690

CVSS3: 7.5
redhat
больше 4 лет назад

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

debian логотип

CVE-2021-3690

CVSS3: 7.5
debian
больше 3 лет назад

A flaw was found in Undertow. A buffer leak on the incoming WebSocket ...

github логотип

GHSA-fj7c-vg2v-ccrm

CVSS3: 7.5
github
больше 3 лет назад

Undertow vulnerable to memory exhaustion due to buffer leak

EPSS

Процентиль: 51%
0.00278
Низкий

7.5 High

CVSS3

Дефекты

CWE-400
CWE-401