We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-5971

Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket



Description

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.

Reserved 2024-06-13 | Published 2024-07-08 | Updated 2025-03-03 | Assigner redhat


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Uncontrolled Recursion

Product status

Any version before 2.2.34.Final
affected

2.3.0.Alpha1 before 2.3.15.Final
affected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
affected

0:2.2.33-1.SP1_redhat_00001.1.el8eap before *
unaffected

Default status
affected

0:2.2.33-1.SP1_redhat_00001.1.el9eap before *
unaffected

Default status
affected

0:2.2.33-1.SP1_redhat_00001.1.el7eap before *
unaffected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
affected

Default status
affected

Default status
unknown

Default status
unaffected

Default status
unknown

Default status
affected

Timeline

2024-06-13:Reported to Red Hat.
2024-07-08:Made public.

References

access.redhat.com/errata/RHSA-2024:4392 (RHSA-2024:4392) vendor-advisory

access.redhat.com/errata/RHSA-2024:4884 (RHSA-2024:4884) vendor-advisory

access.redhat.com/errata/RHSA-2024:5143 (RHSA-2024:5143) vendor-advisory

access.redhat.com/errata/RHSA-2024:5144 (RHSA-2024:5144) vendor-advisory

access.redhat.com/errata/RHSA-2024:5145 (RHSA-2024:5145) vendor-advisory

access.redhat.com/errata/RHSA-2024:5147 (RHSA-2024:5147) vendor-advisory

access.redhat.com/errata/RHSA-2024:6508 (RHSA-2024:6508) vendor-advisory

access.redhat.com/errata/RHSA-2024:6883 (RHSA-2024:6883) vendor-advisory

access.redhat.com/security/cve/CVE-2024-5971 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2292211 (RHBZ#2292211) issue-tracking

cve.org (CVE-2024-5971)

nvd.nist.gov (CVE-2024-5971)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-5971

Support options

Helpdesk Chat, Email, Knowledgebase