undertow Race Condition vulnerability

GHSA-mfhv-gwf8-4m88 · CVE-2021-3597

Published May 25, 2022 · Modified Feb 17, 2024

Description

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-3597
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1970930
PACKAGE https://github.com/undertow-io/undertow
WEB https://security.netapp.com/advisory/ntap-20220804-0003

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes