cbcvebase.
CVE-2019-19343
published 2021-03-23

CVE-2019-19343: A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.

Affected

8 ranges
VendorProductVersion rangeFixed in
debianundertow< undertow 2.0.25-1 (forky)undertow 2.0.25-1 (forky)
redhatjboss-remoting< 5.0.145.0.14
redhatjboss-remoting
redhatjboss_enterprise_application_platform< 7.2.47.2.4
redhatundertow< 2.0.252.0.25
redhatundertow
redhatundertow
redhatundertow>= 0 < 2.0.25-12.0.25-1

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH