7.5
CVE-2021-3690
- EPSS 1.38%
- Veröffentlicht 23.08.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:09
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Integration Camel K Version-
Redhat ≫ Integration Camel Quarkus Version-
Redhat ≫ Jboss Enterprise Application Platform Version- SwEditiontext-only
Redhat ≫ Openshift Application Runtimes Version- SwEditiontext-only
Redhat ≫ Single Sign-on Version- SwEditiontext-only
Redhat ≫ Jboss Enterprise Application Platform Version7.3
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Jboss Enterprise Application Platform Version7.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.38% | 0.685 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://access.redhat.com/security/cve/CVE-2021-3690
https://bugzilla.redhat.com/show_bug.cgi?id=1991299
https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877
https://issues.redhat.com/browse/UNDERTOW-1935