CVE-2021-3597

CWE-362 — Race Condition8 documents7 sources

Severity

5.9MEDIUM

EPSS

0.2%

top 61.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Undertow Redhat Fuse Redhat Jboss Enterprise Application Platform

Timeline

PublishedMay 24

Latest updateOct 15

Description

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

▶NVDredhat/undertow2.2.0 — 2.2.6+7

▶Mavenio.undertow:undertow-core2.1.0 — 2.2.9.Final+1

▶Debianundertow< 2.2.10-1

▶CVEListV5undertowundertow 2.0.35.SP1, undertow 2.2.6.SP1, undertow 2.2.7.SP1, undertow 2.0.36.SP1, undertow 2.2.9.Final, undertow 2.0.39.Final

▶NVDredhat/fuse1.0

🔴Vulnerability Details

OSV

undertow Race Condition vulnerability↗2022-05-25

▶

GHSA

undertow Race Condition vulnerability↗2022-05-25

▶

CVEList

CVE-2021-3597: A flaw was found in undertow↗2022-05-24

▶

OSV

CVE-2021-3597: A flaw was found in undertow↗2022-05-24

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Signaling (undertow) — CVE-2021-3597↗2022-10-15

▶

Red Hat

undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS↗2021-06-11

▶

Debian

CVE-2021-3597: undertow - A flaw was found in undertow. The HTTP2SourceChannel fails to write the final fr...↗2021

▶