GHSA-fj7c-vg2v-ccrm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fj7c-vg2v-ccrm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-fj7c-vg2v-ccrm/GHSA-fj7c-vg2v-ccrm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fj7c-vg2v-ccrm
- Aliases
- Published
- 2022-07-15T21:07:20Z
- Modified
- 2024-02-16T08:20:59.411321Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Undertow vulnerable to memory exhaustion due to buffer leak
- Details
-
Buffer leak on incoming WebSocket PONG message(s) in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service.
- Database specific
{ "nvd_published_at": "2022-08-23T16:15:00Z", "cwe_ids": [ "CWE-400", "CWE-401" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-07-15T21:07:20Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-3690
- https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877
- https://access.redhat.com/security/cve/CVE-2021-3690
- https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3
- https://bugzilla.redhat.com/show_bug.cgi?id=1991299
- https://github.com/undertow-io/undertow
- https://issues.redhat.com/browse/UNDERTOW-1935
- https://www.mend.io/vulnerability-database/CVE-2021-3690
Affected packages
Maven / io.undertow:undertow-core
Package
- Name
- io.undertow:undertow-core
- View open source insights on deps.dev
- Purl
- pkg:maven/io.undertow/undertow-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.40
Affected versions
1.*
1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Alpha5
1.0.0.Alpha6
1.0.0.Alpha7
1.0.0.Alpha8
1.0.0.Alpha9
1.0.0.Alpha10
1.0.0.Alpha11
1.0.0.Alpha12
1.0.0.Alpha13
1.0.0.Alpha14
1.0.0.Alpha15
1.0.0.Alpha16
1.0.0.Alpha17
1.0.0.Alpha18
1.0.0.Alpha19
1.0.0.Alpha20
1.0.0.Alpha21
1.0.0.Alpha22
1.0.0.Beta1
1.0.0.Beta2
1.0.0.Beta3
1.0.0.Beta4
1.0.0.Beta5
1.0.0.Beta6
1.0.0.Beta7
1.0.0.Beta8
1.0.0.Beta9
1.0.0.Beta10
1.0.0.Beta11
1.0.0.Beta12
1.0.0.Beta13
1.0.0.Beta14
1.0.0.Beta15
1.0.0.Beta16
1.0.0.Beta17
1.0.0.Beta18
1.0.0.Beta19
1.0.0.Beta20
1.0.0.Beta21
1.0.0.Beta22
1.0.0.Beta23
1.0.0.Beta24
1.0.0.Beta25
1.0.0.Beta26
1.0.0.Beta27
1.0.0.Beta28
1.0.0.Beta29
1.0.0.Beta30
1.0.0.Beta31
1.0.0.Beta32
1.0.0.Beta33
1.0.0.CR1
1.0.0.CR2
1.0.0.CR3
1.0.0.CR4
1.0.0.CR5
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.0.4.Final
1.0.5.Final
1.0.6.Final
1.0.7.Final
1.0.8.Final
1.0.9.Final
1.0.10.Final
1.0.11.Final
1.0.12.Final
1.0.13.Final
1.0.14.Final
1.0.15.Final
1.0.16.Final
1.0.17.Final
1.0.18.Final
1.0.19.Final
1.1.0.Beta1
1.1.0.Beta2
1.1.0.Beta3
1.1.0.Beta4
1.1.0.Beta5
1.1.0.Beta6
1.1.0.Beta7
1.1.0.Beta8
1.1.0.CR1
1.1.0.CR2
1.1.0.CR3
1.1.0.CR4
1.1.0.CR5
1.1.0.CR6
1.1.0.CR7
1.1.0.CR8
1.1.0.Final
1.1.1.Final
1.1.2.Final
1.1.3.Final
1.1.4.Final
1.1.5.Final
1.1.6.Final
1.1.7.Final
1.1.8.Final
1.1.9.Final
1.2.0.Beta1
1.2.0.Beta2
1.2.0.Beta3
1.2.0.Beta4
1.2.0.Beta5
1.2.0.Beta6
1.2.0.Beta7
1.2.0.Beta8
1.2.0.Beta9
1.2.0.Beta10
1.2.0.CR1
1.2.0.Final
1.2.1.Final
1.2.2.Final
1.2.3.Final
1.2.4.Final
1.2.5.Final
1.2.6.Final
1.2.7.Final
1.2.8.Final
1.2.9.Final
1.2.10.Final
1.2.11.Final
1.2.12.Final
1.3.0.Beta1
1.3.0.Beta2
1.3.0.Beta3
1.3.0.Beta4
1.3.0.Beta5
1.3.0.Beta6
1.3.0.Beta7
1.3.0.Beta8
1.3.0.Beta9
1.3.0.Beta10
1.3.0.Beta11
1.3.0.Beta12
1.3.0.Beta13
1.3.0.CR1
1.3.0.CR2
1.3.0.CR3
1.3.0.Final
1.3.1.Final
1.3.2.Final
1.3.3.Final
1.3.4.Final
1.3.5.Final
1.3.6.Final
1.3.7.Final
1.3.8.Final
1.3.9.Final
1.3.10.Final
1.3.11.Final
1.3.12.Final
1.3.13.Final
1.3.14.Final
1.3.15.Final
1.3.16.Final
1.3.17.Final
1.3.18.Final
1.3.19.Final
1.3.20.Final
1.3.21.Final
1.3.22.Final
1.3.23.Final
1.3.24.Final
1.3.25.Final
1.3.26.Final
1.3.27.Final
1.3.28.Final
1.3.29.Final
1.3.30.Final
1.3.31.Final
1.3.32.Final
1.3.33.Final
1.4.0.Beta1
1.4.0.CR1
1.4.0.CR2
1.4.0.CR3
1.4.0.CR4
1.4.0.Final
1.4.1.Final
1.4.2.Final
1.4.3.Final
1.4.4.Final
1.4.5.Final
1.4.6.Final
1.4.7.Final
1.4.8.Final
1.4.9.Final
1.4.10.Final
1.4.11.Final
1.4.12.Final
1.4.13.Final
1.4.14.Final
1.4.15.Final
1.4.16.Final
1.4.17.Final
1.4.18.Final
1.4.19.Final
1.4.20.Final
1.4.21.Final
1.4.22.Final
1.4.23.Final
1.4.24.Final
1.4.25.Final
1.4.26.Final
1.4.27.Final
1.4.28.Final
2.*
2.0.0.Alpha1
2.0.0.Beta1
2.0.0.Final
2.0.1.Final
2.0.2.Final
2.0.3.Final
2.0.4.Final
2.0.5.Final
2.0.6.Final
2.0.7.Final
2.0.8.Final
2.0.9.Final
2.0.10.Final
2.0.11.Final
2.0.12.Final
2.0.13.Final
2.0.14.Final
2.0.15.Final
2.0.16.Final
2.0.17.Final
2.0.18.Final
2.0.19.Final
2.0.20.Final
2.0.21.Final
2.0.22.Final
2.0.23.Final
2.0.24.Final
2.0.25.Final
2.0.26.Final
2.0.27.Final
2.0.28.Final
2.0.29.Final
2.0.30.Final
2.0.31.Final
2.0.32.Final
2.0.33.Final
2.0.34.Final
2.0.35.Final
2.0.36.Final
2.0.37.Final
2.0.38.Final
2.0.39.Final
Maven / io.undertow:undertow-core
Package
- Name
- io.undertow:undertow-core
- View open source insights on deps.dev
- Purl
- pkg:maven/io.undertow/undertow-core