CVE-2022-1259

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

References

Affected packages

Git / github.com/undertow-io/undertow

Affected ranges

Type

GIT

Repo

https://github.com/undertow-io/undertow

Events

Introduced

Last affected

83a40d3b6a722709fbbccc7f0ff326607fcbd11c

Introduced

Last affected

eaf81c960af8692ad5b8afa2f4dc53076228c922

Introduced

Last affected

2ec4d952b6c3d7c259a5dfe9a01e539b5c2ba230

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.19"
        }
    ]
}

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha10

1.0.0.Alpha11

1.0.0.Alpha12

1.0.0.Alpha13

1.0.0.Alpha14

1.0.0.Alpha15

1.0.0.Alpha16

1.0.0.Alpha17

1.0.0.Alpha18

1.0.0.Alpha19

1.0.0.Alpha2

1.0.0.Alpha20

1.0.0.Alpha21

1.0.0.Alpha22

1.0.0.Alpha3

1.0.0.Alpha4

1.0.0.Alpha5

1.0.0.Alpha6

1.0.0.Alpha7

1.0.0.Alpha8

1.0.0.Alpha9

1.0.0.Beta1

1.0.0.Beta10

1.0.0.Beta11

1.0.0.Beta12

1.0.0.Beta13

1.0.0.Beta14

1.0.0.Beta15

1.0.0.Beta16

1.0.0.Beta17

1.0.0.Beta18

1.0.0.Beta19

1.0.0.Beta2

1.0.0.Beta20

1.0.0.Beta21

1.0.0.Beta22

1.0.0.Beta23

1.0.0.Beta24

1.0.0.Beta25

1.0.0.Beta26

1.0.0.Beta27

1.0.0.Beta28

1.0.0.Beta29

1.0.0.Beta3

1.0.0.Beta30

1.0.0.Beta31

1.0.0.Beta32

1.0.0.Beta33

1.0.0.Beta4

1.0.0.Beta5

1.0.0.Beta6

1.0.0.Beta7

1.0.0.Beta8

1.0.0.Beta9

1.0.0.CR1

1.0.0.CR2

1.0.0.CR3

1.0.0.CR4

1.0.0.Final

1.0.1.Final

1.0.2.Final

1.0.3.Final

1.1.0.Beta1

1.1.0.Beta2

1.1.0.Beta3

1.1.0.Beta4

1.1.0.Beta5

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.2.0.Beta1

1.2.0.Beta10

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.CR1

1.2.0.Final

1.2.1.Final

1.2.2.Final

1.2.3.Final

1.2.4.Final

1.3.0.Beta1

1.3.0.Beta10

1.3.0.Beta11

1.3.0.Beta12

1.3.0.Beta13

1.3.0.Beta2

1.3.0.Beta3

1.3.0.Beta4

1.3.0.Beta5

1.3.0.Beta6

1.3.0.Beta7

1.3.0.Beta8

1.3.0.Beta9

1.3.0.CR1

1.3.0.CR2

1.3.0.CR3

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

2.*

2.0.0.Alpha1

2.0.0.Beta1

2.0.0.Final

2.0.1.Final

2.0.10.Final

2.0.11.Final

2.0.12.Final

2.0.13.Final

2.0.14.Final

2.0.15.Final

2.0.16.Final

2.0.17.Final

2.0.2.Final

2.0.20.Final

2.0.21.Final

2.0.22.Final

2.0.23.Final

2.0.24.Final

2.0.25.Final

2.0.26.Final

2.0.27.Final

2.0.28.Final

2.0.29.Final

2.0.3.Final

2.0.4.Final

2.0.5.Final

2.0.6.Final

2.0.7.Final

2.0.8.Final

2.0.9.Final

2.1.0.Final

2.1.1.Final

2.1.2.Final

2.1.3.Final

2.1.4.Final

2.2.0.Final

2.2.1.Final

2.2.10.Final

2.2.11.Final

2.2.12.Final

2.2.13.Final

2.2.14.Final

2.2.15.Final

2.2.16.Final

2.2.17.Final

2.2.2.Final

2.2.3.Final

2.2.4.Final

2.2.5.Final

2.2.6.Final

2.2.7.Final

2.2.8.Final

2.2.9.Final

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1259.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    }
]