CVE-2021-3597

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3597
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3597.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3597
Aliases
Downstream
Published
2022-05-24T19:15:09.037Z
Modified
2026-03-15T22:37:25.743261Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

References

Affected packages

Git / github.com/libfuse/libfuse

Affected ranges

Type
GIT
Repo
https://github.com/libfuse/libfuse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ce63733284dd6519d2f4ca03c6aa8a6caa328379
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d48d5f7b6084ec71aeb1d5a1203431b0396b0e01
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.6-NA"
        }
    ]
}
Type
GIT
Repo
https://github.com/undertow-io/undertow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7aa46956d0171a36f39521a7b3065a8c4b8d9ad2
Introduced
8ddcc2608f58ed3377474f4e537728c5518a7862
Fixed
affeda2ad491a0523308b6e7a38e3ad92563abb1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7aa46956d0171a36f39521a7b3065a8c4b8d9ad2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
93e1b161efcc9ef782cf808f4a2b9ed459b89d15
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e7124a31fa885a1bbb69ff6d5041fb0682e2595c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
31234d925ef7b8bb303f2630ab3e1cbd95b0f588
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f89188efe9e1480c3d9985bdc119fffde747316d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.35"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "fixed": "2.2.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.35-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.36-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.39-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.7-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.9-NA"
        }
    ]
}

Affected versions

2.*
2.2.0.Final
2.2.1.Final
2.2.2.Final
2.2.3.Final
2.2.4.Final
2.2.5.Final
Other
debian_version_0_95-1
debian_version_1_0-1
fuse_0_9
fuse_0_95
start

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3597.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4"
            }
        ]
    }
]