cvelist / Redhat / CVELIST:CVE-2019-19343
History: Mar 23, 2021 - 8:23 p.m.

CVE-2019-19343

2021-03-23 20:23:20
CWE-400
redhat
www.cve.org
8
undertow
memory leak
remote connections
denial of service

EPSS

0.002

Percentile

59.1%

A flaw was found in Undertow when using Remoting as shipped in Red Hat JBoss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.

CNA Affected

[
  {
    "product": "Undertow",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "undertow 2.0.25.SP1, jboss-remoting 5.0.14.SP1"
      }
    ]
  }
]
