CVE-2021-3690

Summary

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

Affected Software

VendorProductVersion RangeStatus
n/aundertowFixed in 2.2.10.Final, 2.0.40.Finalaffected

Weaknesses

  • CWE-400: CWE-400 - Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References