7.5
CVE-2023-3223
- EPSS 2.04%
- Veröffentlicht 27.09.2023 15:18:56
- Zuletzt bearbeitet 21.11.2024 08:16:44
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Undertow: outofmemoryerror due to @multipartconfig handling
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Openshift Container Platform Version4.11
Redhat ≫ Openshift Container Platform Version4.12
Redhat ≫ Openshift Container Platform For Ibm Linuxone Version4.9
Redhat ≫ Openshift Container Platform For Ibm Linuxone Version4.10
Redhat ≫ Openshift Container Platform For Power Version4.9
Redhat ≫ Openshift Container Platform For Power Version4.10
Redhat ≫ Single Sign-on Version- SwEditiontext-only
Redhat ≫ Single Sign-on Version7.6
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Jboss Enterprise Application Platform Version7.4
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.04% | 0.787 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| secalert@redhat.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
https://access.redhat.com/errata/RHSA-2023:4505
https://access.redhat.com/errata/RHSA-2023:4506
https://access.redhat.com/errata/RHSA-2023:4507
https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/errata/RHSA-2023:4918
https://access.redhat.com/errata/RHSA-2023:4919
https://access.redhat.com/errata/RHSA-2023:4920
https://access.redhat.com/errata/RHSA-2023:4921
https://access.redhat.com/errata/RHSA-2023:4924
https://access.redhat.com/errata/RHSA-2023:7247
https://access.redhat.com/security/cve/CVE-2023-3223
https://bugzilla.redhat.com/show_bug.cgi?id=2209689
https://security.netapp.com/advisory/ntap-20231027-0004/