UBUNTU-CVE-2023-3223

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-3223

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-3223.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-3223

Published

2023-09-27T15:18:00Z

Modified

2025-07-14T06:35:20.511458Z

Upstream

CVE-2023-3223

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- medium

Summary

[none]

Details

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

References

Affected packages

Ubuntu:Pro:16.04:LTS / undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@1.3.16-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.4-1

1.3.5-1

1.3.7-1

1.3.11-1

1.3.16-1

Ubuntu:Pro:18.04:LTS / undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@1.4.23-3?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.20-1

1.4.21-1

1.4.22-1

1.4.23-1

1.4.23-2build1

1.4.23-3

Ubuntu:Pro:20.04:LTS / undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@2.0.29-1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.23-1

2.0.27-1

2.0.28-1

2.0.29-1

Ubuntu:22.04:LTS / undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@2.2.16-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.8-1

2.2.12-1

2.2.13-1

2.2.14-1

2.2.16-1

Ubuntu:24.04:LTS / undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@2.3.8-2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.8-2

Ubuntu:25.04 / undertow

Package

Name: undertow
Purl: pkg:deb/ubuntu/undertow@2.3.18-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.8-2

2.3.18-1