CVE-2023-1108

CWE-8358 documents7 sources

Severity

7.5HIGH

EPSS

0.6%

top 31.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Undertow Redhat Decision Manager Redhat Fuse +7 more

Timeline

PublishedSep 14

Latest updateJan 15

Description

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDredhat/undertow2.3.0 — 2.3.5+1

▶Mavenio.undertow:undertow-core2.3.0 — 2.3.5.Final+1

▶Debianundertow< 2.3.8-2

▶NVDredhat/fuse1.0.0

▶NVDredhat/single_sign-on7.6

Also affects: Openshift Container Platform 4.11, 4.12, 4.10, 4.9

🔴Vulnerability Details

GHSA

Undertow denial of service vulnerability↗2023-09-14

▶

OSV

Undertow denial of service vulnerability↗2023-09-14

▶

CVEList

Undertow: infinite loop in sslconduit during close↗2023-09-14

▶

OSV

CVE-2023-1108: A flaw was found in undertow↗2023-09-14

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Signaling (Undertow) — CVE-2023-1108↗2024-01-15

▶

Red Hat

Undertow: Infinite loop in SslConduit during close↗2023-03-07

▶

Debian

CVE-2023-1108: undertow - A flaw was found in undertow. This issue makes achieving a denial of service pos...↗2023

▶