CVE-2021-42340

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type

GIT

Repo

https://github.com/apache/tomcat

Events

Introduced

04d663d7541a013098db3a3f81b1c23c255c12a4

Fixed

53c394049af76032bc7acab9de023013ad4fdc43

Introduced

11cce490eb67a8aca64377a22c0cea2e38896725

Fixed

454f804f3336ec980e84eb84bb6a051e349c6d3a

Introduced

e4344b6bd67359e1690312674d83710a793f1d5b

Fixed

84e18583f461778707f7fd2e25b1f0677e44e899

Introduced

Last affected

9826be4c8368c94eab1e804b456867ca1cb766c3

Introduced

Last affected

f2ab9ac8bc3f40ee9b2cb50b030c99df927f0429

Introduced

Last affected

0e59fedb28df646930c5aff945159b64d7a52260

Introduced

Last affected

8778a44d6323c1066237043a89ab2f36696916b1

Introduced

Last affected

e706972942e2c342e4a37baf5e2596f11e8a0e94

Introduced

Last affected

2a10c8d9110d7b1c7f526f3352648c6b19ba2c52

Introduced

Last affected

56e547d387ab49f688c93fe9ca082b1b5d94deed

Introduced

Last affected

16bf392c67833ad549733b58c350ff92b5ee782a

Database specific

{
    "versions": [
        {
            "introduced": "8.5.60"
        },
        {
            "fixed": "8.5.72"
        },
        {
            "introduced": "9.0.40"
        },
        {
            "fixed": "9.0.54"
        },
        {
            "introduced": "10.0.1"
        },
        {
            "fixed": "10.0.12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0.0-milestone10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.1.0-milestone1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.1.0-milestone2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.1.0-milestone3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.1.0-milestone4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.1.0-milestone5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42340.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.2.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "23.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0.0.0"
            },
            {
                "last_affected": "8.5.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "21.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.0.4.13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.3.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.3.14"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.3.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.3.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.1"
            }
        ]
    }
]