EUVD-2023-2542

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Flaw in Undertow allows denial of service due to non-terminating loop in SslConduit handshake status.

Reporter	Title	Published	Views	Family All 78
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data	5 Jul 202318:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3	18 Jun 202414:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected but not vulnerable to multiple vulnerabilities in Undertow	14 Jul 202321:09	–	ibm
ATTACKERKB	CVE-2023-1108	14 Sep 202315:15	–	attackerkb
BDU FSTEC	The vulnerability of the Undertow web server, related to executing a loop with an unavailable exit condition, allows attackers to cause a service failure.	12 Apr 202300:00	–	bdu_fstec
Circl	CVE-2023-1108	14 Sep 202318:24	–	circl
CNNVD	Red Hat JBoss Enterprise Application Platform 安全漏洞	10 Mar 202300:00	–	cnnvd
CVE	CVE-2023-1108	14 Sep 202314:48	–	cve
Cvelist	CVE-2023-1108 Undertow: infinite loop in sslconduit during close	14 Sep 202314:48	–	cvelist
Debian CVE	CVE-2023-1108	14 Sep 202314:48	–	debiancve

[
  {
    "enisaIdVendor": [
      {
        "id": "1793ad96-9287-3cbe-920e-27296fcb12bc",
        "vendor": {
          "name": "Red Hat"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "089453da-0310-3eee-8fb0-37f2d7f28f42",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8"
        },
        "product_version": "patch: 0:7.4.9-6.GA_redhat_00004.1.el8eap"
      },
      {
        "id": "1cfb613d-f5e0-3c9a-ab5c-8587c9d854f4",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8"
        },
        "product_version": "patch: 0:2.2.23-1.SP2_redhat_00001.1.el8eap"
      },
      {
        "id": "2d9b8557-5730-32df-af14-8dfe0027c899",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7"
        },
        "product_version": "patch: 0:2.0.14-1.Final_redhat_00001.1.el7eap"
      },
      {
        "id": "2e7275db-1fac-3ed8-b308-0e16cf328e53",
        "product": {
          "name": "RHEL-8 based Middleware Containers"
        },
        "product_version": "patch: 7.6-24"
      },
      {
        "id": "46b0d862-99f7-3efd-a5e9-15ca49c5aaeb",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9"
        },
        "product_version": "patch: 0:2.2.23-1.SP2_redhat_00001.1.el9eap"
      },
      {
        "id": "5052043e-e3b3-3e9a-84c5-8411ed43de17",
        "product": {
          "name": "Red Hat Single Sign-On 7.6 for RHEL 8"
        },
        "product_version": "patch: 0:18.0.8-1.redhat_00001.1.el8sso"
      },
      {
        "id": "673b5657-d0cd-316f-ac77-8d3b0adf98b9",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8"
        },
        "product_version": "patch: 0:2.2.22-1.SP3_redhat_00002.1.el8eap"
      },
      {
        "id": "7ac2045d-35ef-3c3f-9389-9c265c09c615",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7"
        },
        "product_version": "patch: 0:2.2.22-1.SP3_redhat_00002.1.el7eap"
      },
      {
        "id": "7b2d4eb8-05ab-3861-8523-ba40ddb2c880",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9"
        },
        "product_version": "patch: 0:2.0.14-1.Final_redhat_00001.1.el9eap"
      },
      {
        "id": "9828221c-f53f-31df-b8b7-4410df2fc7fd",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7"
        },
        "product_version": "patch: 0:7.4.9-6.GA_redhat_00004.1.el7eap"
      },
      {
        "id": "b595887d-f6fa-378c-ace5-e6e16afcf1f9",
        "product": {
          "name": "Red Hat Single Sign-On 7.6 for RHEL 9"
        },
        "product_version": "patch: 0:18.0.8-1.redhat_00001.1.el9sso"
      },
      {
        "id": "cfb5dbd1-9a7f-3a4a-a160-3dc14af64687",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8"
        },
        "product_version": "patch: 0:2.0.14-1.Final_redhat_00001.1.el8eap"
      },
      {
        "id": "d339e194-dcb5-3cdd-b191-f63fc5bc12d5",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9"
        },
        "product_version": "patch: 0:7.4.9-6.GA_redhat_00004.1.el9eap"
      },
      {
        "id": "d74a5e20-794c-3c3b-908e-1a1c91cace72",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7"
        },
        "product_version": "patch: 0:2.2.23-1.SP2_redhat_00001.1.el7eap"
      },
      {
        "id": "ed53b412-73f2-3b5f-91d7-2fc4d74373e1",
        "product": {
          "name": "Red Hat Single Sign-On 7.6 for RHEL 7"
        },
        "product_version": "patch: 0:18.0.8-1.redhat_00001.1.el7sso"
      },
      {
        "id": "f39ea86a-86b2-33ec-a5aa-b38a12459e27",
        "product": {
          "name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9"
        },
        "product_version": "patch: 0:2.2.22-1.SP3_redhat_00002.1.el9eap"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-1108
github	www.github.com/undertow-io/undertow/pull/1457
github	www.github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d
github	www.github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be
github	www.github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78
security	www.security.netapp.com/advisory/ntap-20231020-0002
github	www.github.com/undertow-io/undertow
github	www.github.com/advisories/GHSA-m4mm-pg93-fv78
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2023-1108

03 Oct 2025 20:07Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.5

EPSS0.00567

SSVC