CVE-2024-5971 | THREATINT

Description

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

PUBLISHED Reserved 2024-06-13 | Published 2024-07-08 | Updated 2025-11-07 | Assigner redhat

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Uncontrolled Recursion

Product status

Any version before 2.2.34.Final

affected

2.3.0.Alpha1 (custom) before 2.3.15.Final

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

0:2.2.33-1.SP1_redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:2.2.33-1.SP1_redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:2.2.33-1.SP1_redhat_00001.1.el7eap (rpm) before *

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Default status

unknown

Default status

unaffected

Default status

unaffected

Default status

unknown

Default status

unaffected

Timeline

2024-06-13:	Reported to Red Hat.
2024-07-08:	Made public.

References

access.redhat.com/errata/RHSA-2024:4392 (RHSA-2024:4392) vendor-advisory

access.redhat.com/errata/RHSA-2024:4884 (RHSA-2024:4884) vendor-advisory

access.redhat.com/security/cve/CVE-2024-5971 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2292211 (RHBZ#2292211) issue-tracking

security.netapp.com/advisory/ntap-20240828-0001/

access.redhat.com/errata/RHSA-2024:4392 (RHSA-2024:4392) vendor-advisory

access.redhat.com/errata/RHSA-2024:4884 (RHSA-2024:4884) vendor-advisory

access.redhat.com/errata/RHSA-2024:5143 (RHSA-2024:5143) vendor-advisory

access.redhat.com/errata/RHSA-2024:5144 (RHSA-2024:5144) vendor-advisory

access.redhat.com/errata/RHSA-2024:5145 (RHSA-2024:5145) vendor-advisory

access.redhat.com/errata/RHSA-2024:5147 (RHSA-2024:5147) vendor-advisory

access.redhat.com/errata/RHSA-2024:6508 (RHSA-2024:6508) vendor-advisory

access.redhat.com/errata/RHSA-2024:6883 (RHSA-2024:6883) vendor-advisory

access.redhat.com/security/cve/CVE-2024-5971 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2292211 (RHBZ#2292211) issue-tracking

cve.org (CVE-2024-5971)

nvd.nist.gov (CVE-2024-5971)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu