Description
A flaw was found in Undertow. An unexpected handshake status update in SslConduit can leave a loop that never terminates, which makes a denial of service possible.
Problem types
Loop with Unreachable Exit Condition ('Infinite Loop')
Product status
2.2.24
0:2.2.22-1.SP3_redhat_00002.1.el8eap (rpm) before *
0:7.4.9-6.GA_redhat_00004.1.el8eap (rpm) before *
0:2.2.23-1.SP2_redhat_00001.1.el8eap (rpm) before *
0:2.0.14-1.Final_redhat_00001.1.el8eap (rpm) before *
0:2.2.22-1.SP3_redhat_00002.1.el9eap (rpm) before *
0:7.4.9-6.GA_redhat_00004.1.el9eap (rpm) before *
0:2.2.23-1.SP2_redhat_00001.1.el9eap (rpm) before *
0:2.0.14-1.Final_redhat_00001.1.el9eap (rpm) before *
0:2.2.22-1.SP3_redhat_00002.1.el7eap (rpm) before *
0:7.4.9-6.GA_redhat_00004.1.el7eap (rpm) before *
0:2.2.23-1.SP2_redhat_00001.1.el7eap (rpm) before *
0:2.0.14-1.Final_redhat_00001.1.el7eap (rpm) before *
0:18.0.8-1.redhat_00001.1.el7sso (rpm) before *
0:18.0.8-1.redhat_00001.1.el8sso (rpm) before *
0:18.0.8-1.redhat_00001.1.el9sso (rpm) before *
7.6-24 (rpm) before *
Timeline
| 2023-02-07: | Reported to Red Hat. |
| 2023-03-07: | Made public. |
References
access.redhat.com/errata/RHSA-2023:1184 (RHSA-2023:1184)
access.redhat.com/errata/RHSA-2023:1185 (RHSA-2023:1185)
access.redhat.com/errata/RHSA-2023:1512 (RHSA-2023:1512)
access.redhat.com/errata/RHSA-2023:1513 (RHSA-2023:1513)
access.redhat.com/errata/RHSA-2023:1514 (RHSA-2023:1514)
access.redhat.com/errata/RHSA-2023:1516 (RHSA-2023:1516)
access.redhat.com/errata/RHSA-2023:2135 (RHSA-2023:2135)
access.redhat.com/errata/RHSA-2023:3883 (RHSA-2023:3883)
access.redhat.com/errata/RHSA-2023:3884 (RHSA-2023:3884)
access.redhat.com/errata/RHSA-2023:3885 (RHSA-2023:3885)
access.redhat.com/errata/RHSA-2023:3888 (RHSA-2023:3888)
access.redhat.com/errata/RHSA-2023:3892 (RHSA-2023:3892)
access.redhat.com/errata/RHSA-2023:3954 (RHSA-2023:3954)
access.redhat.com/errata/RHSA-2023:4612 (RHSA-2023:4612)
access.redhat.com/security/cve/CVE-2023-1108
bugzilla.redhat.com/show_bug.cgi?id=2174246 (RHBZ#2174246)
github.com/advisories/GHSA-m4mm-pg93-fv78
security.netapp.com/advisory/ntap-20231020-0002/