Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
| Software | From | Fixed in |
|---|---|---|
| redhat / fuse | 1.0 | 1.0.x |
| redhat / undertow | - | 2.0.40 |
| redhat / undertow | 2.1.0 | 2.2.10 |
| redhat / jboss_enterprise_application_platform | 7.3 | 7.3.x |
| redhat / jboss_enterprise_application_platform | 7.4 | 7.4.x |
io.undertow / undertow-core
|
- | 2.0.40 |
|
io.undertow / undertow-core
|
2.2.0 | 2.2.10 |
- https://access.redhat.com/security/cve/CVE-2021-3690
- https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3
- https://bugzilla.redhat.com/show_bug.cgi?id=1991299
- https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877
- https://issues.redhat.com/browse/UNDERTOW-1935
- https://www.mend.io/vulnerability-database/CVE-2021-3690
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime