Description
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
Statement
Although Red Hat OpenStack Platform packages the vulnerable code in OpenDaylight, it does not use or support the undertow-encapsulating features. The security impact for RHOSP is therefore rated as Low and no update will be provided at this time.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat build of Quarkus | undertow | Not affected | | |
| Red Hat Decision Manager 7 | undertow | Not affected | | |
| Red Hat Integration Camel K 1 | undertow | Affected | | |
| Red Hat Integration Service Registry | undertow | Not affected | | |
| Red Hat JBoss Data Grid 7 | undertow | Out of support scope | | |
| Red Hat JBoss Fuse 6 | undertow | Out of support scope | | |
| Red Hat OpenStack Platform 13 (Queens) | undertow | Will not fix | | |
| Red Hat Process Automation 7 | undertow | Not affected | | |
| EAP 7.3.9 release | | Fixed | RHSA-2021:3471 | 08.09.2021 |
| EAP 7.3 async | | Fixed | RHSA-2021:3216 | 18.08.2021 |
Additional information
Status:
EPSS
7.5 High
CVSS3
Related vulnerabilities
A flaw was found in Undertow. A buffer leak on the incoming WebSocket ...
Undertow vulnerable to memory exhaustion due to buffer leak