First published: Thu Sep 14 2023
A flaw was found in Undertow. An unexpected handshake status update in SslConduit causes a loop that never terminates, which makes a denial of service possible.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/io.undertow:undertow-core | <2.2.24.Final | Upgrade to 2.2.24.Final |
| maven/io.undertow:undertow-core | >=2.3.0, <2.3.5.Final | Upgrade to 2.3.5.Final |
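To turn the two affected ranges above into something a build pipeline can check, here is an added example (not from the advisory and not Undertow project code) that parses `io.undertow:undertow-core` versions out of constructed `mvn dependency:list`-style output lines and flags those inside the published ranges. The sample lines are constructed for illustration; the version parser is an assumption that ignores qualifiers such as `.Final`, so pre-release qualifiers are treated the same as the release they precede.

```python
import re

# Affected ranges for io.undertow:undertow-core (GHSA-m4mm-pg93-fv78), as published:
#   < 2.2.24.Final          -> [0.0.0, 2.2.24)
#   >= 2.3.0, < 2.3.5.Final -> [2.3.0, 2.3.5)
# Ranges are half-open on numeric (major, minor, patch) tuples.
AFFECTED_RANGES = [
    ((0, 0, 0), (2, 2, 24)),
    ((2, 3, 0), (2, 3, 5)),
]

# Constructed sample lines in the shape of `mvn dependency:list` output
# (groupId:artifactId:type:version:scope); not real project output.
SAMPLE_LINES = [
    "[INFO]    io.undertow:undertow-core:jar:2.2.23.Final:compile",
    "[INFO]    io.undertow:undertow-core:jar:2.3.5.Final:compile",
    "[INFO]    io.undertow:undertow-servlet:jar:2.3.4.Final:compile",
    "[INFO]    org.jboss.logging:jboss-logging:jar:3.4.3.Final:compile",
]

UNDERTOW_CORE_RE = re.compile(r"io\.undertow:undertow-core:jar:([^:\s]+)")


def parse_version(version):
    """Parse 'major.minor.patch[.qualifier]' into an int tuple.

    Assumption: the qualifier (e.g. 'Final', 'Alpha1') is ignored, so a
    pre-release compares equal to the release it precedes.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the undertow-core version falls inside a published affected range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def scan_dependency_list(lines):
    """Return the affected undertow-core versions found in dependency-list lines.

    Only undertow-core is matched; other io.undertow artifacts are not in the
    advisory's affected list and are deliberately ignored.
    """
    findings = []
    for line in lines:
        m = UNDERTOW_CORE_RE.search(line)
        if m and is_affected(m.group(1)):
            findings.append(m.group(1))
    return findings


if __name__ == "__main__":
    for ver in scan_dependency_list(SAMPLE_LINES):
        print(f"undertow-core {ver} is affected by GHSA-m4mm-pg93-fv78")
```

The half-open tuple comparison is what makes the boundary cases come out as the table states: `2.2.24.Final` and `2.3.5.Final` are the fixed releases and are not flagged, while `2.2.23.Final` and `2.3.4.Final` are.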
The vulnerability ID is GHSA-m4mm-pg93-fv78.
The severity of GHSA-m4mm-pg93-fv78 is high with a severity value of 7.5.
GHSA-m4mm-pg93-fv78 allows for a denial of service attack by causing an unexpected handshake status update in SslConduit, resulting in a loop that never terminates.
The affected software packages are io.undertow:undertow-core versions before 2.2.24.Final (exclusive), and io.undertow:undertow-core versions from 2.3.0 (inclusive) up to 2.3.5.Final (exclusive).
More information about GHSA-m4mm-pg93-fv78 can be found at the following references: CVE-2023-1108, RHSA-2023:1184, and RHSA-2023:1185.