What is the vulnerability ID?

The vulnerability ID is GHSA-m4mm-pg93-fv78.

What is the severity of GHSA-m4mm-pg93-fv78?

The severity of GHSA-m4mm-pg93-fv78 is high with a severity value of 7.5.

How does GHSA-m4mm-pg93-fv78 allow for a denial of service attack?

GHSA-m4mm-pg93-fv78 allows for a denial of service attack by causing an unexpected handshake status update in SslConduit, resulting in a loop that never terminates.

What software packages are affected by GHSA-m4mm-pg93-fv78?

The affected software packages are io.undertow:undertow-core version up to exclusive 2.2.24.Final and io.undertow:undertow-core version between inclusive exclusive 2.3.0 and 2.3.5.Final.

Where can I find more information about GHSA-m4mm-pg93-fv78?

More information about GHSA-m4mm-pg93-fv78 can be found at the following references: CVE-2023-1108, RHSA-2023:1184, and RHSA-2023:1185.

vuln-group

GHSA-m4mm-pg93-fv78

Severity: high (7.5)

First published: Thu Sep 14 2023

Last modified: Thu Sep 21 2023

CWE: 835

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Any of

maven/io.undertow:undertow-core
<2.2.24.Final
fixed in: 2.2.24.Final
maven/io.undertow:undertow-core
>=2.3.0<2.3.5.Final
fixed in: 2.3.5.Final

FAQ

What is the vulnerability ID?
The vulnerability ID is GHSA-m4mm-pg93-fv78.
What is the severity of GHSA-m4mm-pg93-fv78?
The severity of GHSA-m4mm-pg93-fv78 is high with a severity value of 7.5.
How does GHSA-m4mm-pg93-fv78 allow for a denial of service attack?
GHSA-m4mm-pg93-fv78 allows for a denial of service attack by causing an unexpected handshake status update in SslConduit, resulting in a loop that never terminates.
What software packages are affected by GHSA-m4mm-pg93-fv78?
The affected software packages are io.undertow:undertow-core version up to exclusive 2.2.24.Final and io.undertow:undertow-core version between inclusive exclusive 2.3.0 and 2.3.5.Final.
Where can I find more information about GHSA-m4mm-pg93-fv78?
More information about GHSA-m4mm-pg93-fv78 can be found at the following references: CVE-2023-1108, RHSA-2023:1184, and RHSA-2023:1185.

Reference Links

collector/github-advisory-latest
alias/GHSA-m4mm-pg93-fv78
alias/CVE-2023-1108
package-manager/maven

FAQ

What is the vulnerability ID?
The vulnerability ID is GHSA-m4mm-pg93-fv78.
What is the severity of GHSA-m4mm-pg93-fv78?
The severity of GHSA-m4mm-pg93-fv78 is high with a severity value of 7.5.
How does GHSA-m4mm-pg93-fv78 allow for a denial of service attack?
GHSA-m4mm-pg93-fv78 allows for a denial of service attack by causing an unexpected handshake status update in SslConduit, resulting in a loop that never terminates.
What software packages are affected by GHSA-m4mm-pg93-fv78?
The affected software packages are io.undertow:undertow-core version up to exclusive 2.2.24.Final and io.undertow:undertow-core version between inclusive exclusive 2.3.0 and 2.3.5.Final.
Where can I find more information about GHSA-m4mm-pg93-fv78?
More information about GHSA-m4mm-pg93-fv78 can be found at the following references: CVE-2023-1108, RHSA-2023:1184, and RHSA-2023:1185.

GHSA-m4mm-pg93-fv78

Any of

FAQ

What is the vulnerability ID?

What is the severity of GHSA-m4mm-pg93-fv78?

How does GHSA-m4mm-pg93-fv78 allow for a denial of service attack?

What software packages are affected by GHSA-m4mm-pg93-fv78?

Where can I find more information about GHSA-m4mm-pg93-fv78?

Reference Links

Navigation

FAQ

What is the vulnerability ID?

What is the severity of GHSA-m4mm-pg93-fv78?

How does GHSA-m4mm-pg93-fv78 allow for a denial of service attack?

What software packages are affected by GHSA-m4mm-pg93-fv78?

Where can I find more information about GHSA-m4mm-pg93-fv78?