CVE-2021-3597

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

Published: May 24, 2022
Updated: May 9, 2024
CVE: CVE-2021-3597
GHSA: GHSA-mfhv-gwf8-4m88
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
redhat / fuse	1.0	1.0.x
redhat / undertow	2.0.39	2.0.39.x
redhat / undertow	2.2.9	2.2.9.x
redhat / undertow	2.0.36	2.0.36.x
redhat / undertow	2.2.7	2.2.7.x
redhat / undertow	2.2.6	2.2.6.x
redhat / undertow	2.2.0	2.2.6
redhat / undertow	2.0.35	2.0.35.x
redhat / undertow	-	2.0.35
redhat / jboss_enterprise_application_platform	7.3	7.3.x
redhat / jboss_enterprise_application_platform	7.4	7.4.x
io.undertow / undertow-core	2.1.0	2.2.9.Final
io.undertow / undertow-core	-	2.0.39.Final

Vulnerability Database

289,599

CVE-2021-3597