Lucene search

K
cvelistRedhatCVELIST:CVE-2021-3690
HistoryAug 23, 2022 - 3:50 p.m.

CVE-2021-3690

2022-08-2315:50:35
CWE-400
redhat
www.cve.org
8
undertow
websocket
buffer leak
denial of service
vulnerability
memory exhaustion
availability

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

47.2%

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

CNA Affected

[
  {
    "product": "undertow",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 2.2.10.Final, 2.0.40.Final"
      }
    ]
  }
]

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

47.2%