CVE-2021-3597
N/A
N/A
Summary
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | undertow | undertow 2.0.35.SP1, undertow 2.2.6.SP1, undertow 2.2.7.SP1, undertow 2.0.36.SP1, undertow 2.2.9.Final, undertow 2.0.39.Final | affected |
Weaknesses
- CWE-362: CWE-362
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970930
- https://security.netapp.com/advisory/ntap-20220804-0003/
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970930
- https://security.netapp.com/advisory/ntap-20220804-0003/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.