7.5

CVE-2021-3690

Exploit
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatFuse Version1.0
RedhatJboss Enterprise Application Platform Version- SwEditiontext-only
RedhatOpenshift Application Runtimes Version- SwEditiontext-only
RedhatSingle Sign-on Version- SwEditiontext-only
RedhatUndertow Version < 2.0.40
RedhatUndertow Version >= 2.1.0 < 2.2.10
RedhatJboss Enterprise Application Platform Version7.3
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
   RedhatEnterprise Linux Version8.0
RedhatJboss Enterprise Application Platform Version7.4
   RedhatEnterprise Linux Version7.0
   RedhatEnterprise Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.38% 0.685
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://access.redhat.com/security/cve/CVE-2021-3690
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1991299
Vendor Advisory
Issue Tracking
https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877
Patch
Third Party Advisory
https://issues.redhat.com/browse/UNDERTOW-1935
Vendor Advisory
Exploit
Issue Tracking
Mitigation