CVE-2023-1108 | THREATINT

Description

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

PUBLISHED Reserved 2023-03-01 | Published 2023-09-14 | Updated 2024-08-02 | Assigner redhat

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Loop with Unreachable Exit Condition ('Infinite Loop')

Product status

2.3.5

unaffected

2.2.24

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

0:2.2.22-1.SP3_redhat_00002.1.el8eap before *

unaffected

Default status

affected

0:7.4.9-6.GA_redhat_00004.1.el8eap before *

unaffected

Default status

affected

0:2.2.23-1.SP2_redhat_00001.1.el8eap before *

unaffected

Default status

affected

0:2.0.14-1.Final_redhat_00001.1.el8eap before *

unaffected

Default status

affected

0:2.2.22-1.SP3_redhat_00002.1.el9eap before *

unaffected

Default status

affected

0:7.4.9-6.GA_redhat_00004.1.el9eap before *

unaffected

Default status

affected

0:2.2.23-1.SP2_redhat_00001.1.el9eap before *

unaffected

Default status

affected

0:2.0.14-1.Final_redhat_00001.1.el9eap before *

unaffected

Default status

affected

0:2.2.22-1.SP3_redhat_00002.1.el7eap before *

unaffected

Default status

affected

0:7.4.9-6.GA_redhat_00004.1.el7eap before *

unaffected

Default status

affected

0:2.2.23-1.SP2_redhat_00001.1.el7eap before *

unaffected

Default status

affected

0:2.0.14-1.Final_redhat_00001.1.el7eap before *

unaffected

Default status

unaffected

Default status

affected

0:18.0.8-1.redhat_00001.1.el7sso before *

unaffected

Default status

affected

0:18.0.8-1.redhat_00001.1.el8sso before *

unaffected

Default status

affected

0:18.0.8-1.redhat_00001.1.el9sso before *

unaffected

Default status

unaffected

Default status

affected

7.6-24 before *

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

affected

Default status

unknown

Default status

affected

Default status

unknown

Default status

affected

Timeline

2023-02-07:	Reported to Red Hat.
2023-03-07:	Made public.

References

access.redhat.com/errata/RHSA-2023:1184 (RHSA-2023:1184) vendor-advisory

access.redhat.com/errata/RHSA-2023:1185 (RHSA-2023:1185) vendor-advisory

access.redhat.com/errata/RHSA-2023:1512 (RHSA-2023:1512) vendor-advisory

access.redhat.com/errata/RHSA-2023:1513 (RHSA-2023:1513) vendor-advisory

access.redhat.com/errata/RHSA-2023:1514 (RHSA-2023:1514) vendor-advisory

access.redhat.com/errata/RHSA-2023:1516 (RHSA-2023:1516) vendor-advisory

access.redhat.com/errata/RHSA-2023:2135 (RHSA-2023:2135) vendor-advisory

access.redhat.com/errata/RHSA-2023:3883 (RHSA-2023:3883) vendor-advisory

access.redhat.com/errata/RHSA-2023:3884 (RHSA-2023:3884) vendor-advisory

access.redhat.com/errata/RHSA-2023:3885 (RHSA-2023:3885) vendor-advisory

access.redhat.com/errata/RHSA-2023:3888 (RHSA-2023:3888) vendor-advisory

access.redhat.com/errata/RHSA-2023:3892 (RHSA-2023:3892) vendor-advisory

access.redhat.com/errata/RHSA-2023:3954 (RHSA-2023:3954) vendor-advisory

access.redhat.com/errata/RHSA-2023:4612 (RHSA-2023:4612) vendor-advisory

access.redhat.com/security/cve/CVE-2023-1108 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2174246 (RHBZ#2174246) issue-tracking

github.com/advisories/GHSA-m4mm-pg93-fv78

security.netapp.com/advisory/ntap-20231020-0002/

cve.org (CVE-2023-1108)

nvd.nist.gov (CVE-2023-1108)

Download JSON