Description

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1970930

https://security.netapp.com/advisory/ntap-20220804-0003/

Related Vulnerabilities

CVE-2022-0764 Vulnerability in npm package strapi

CVE-2019-19771 Vulnerability in npm package bictore-lib

CVE-2022-34112 Vulnerability in maven package io.dataease:dataease-plugin-common

CVE-2019-16776 Vulnerability in maven package org.webjars.npm:npm

CVE-2023-37754 Vulnerability in maven package tech.powerjob:powerjob-common

Severity

Medium

Classification

CWE-362 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Issue Tracking Third Party Advisory