CVE-2021-3690
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/08/2022
Last modified:
07/07/2023
Description
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:* | ||
| cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:* | ||
| cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* | ||
| cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* | 2.0.40 (excluding) | |
| cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* | 2.1.0 (including) | 2.2.10 (excluding) |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page