CVE-2023-1108

CVE	CVE-2023-1108
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-09-14 15:15:00 UTC
Updated	2023-11-16 00:46:00 UTC
Description	A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Problem Types: CWE-835

Type	Vendor	Product	Version	Update	Edition	Language
Application	Netapp	Oncommand Workflow Automation	-	All	All	All
Application	Redhat	Build Of Quarkus	-	All	All	All
Application	Redhat	Decision Manager	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux	9.0	All	All	All
Application	Redhat	Fuse	1.0.0	All	All	All
Application	Redhat	Integration Camel K	-	All	All	All
Application	Redhat	Integration Service Registry	-	All	All	All
Application	Redhat	Jboss Enterprise Application Platform	-	All	All	All
Application	Redhat	Jboss Enterprise Application Platform	7.4	All	All	All
Application	Redhat	Jboss Enterprise Application Platform Expansion Pack	-	All	All	All
Application	Redhat	Openshift Application Runtimes	-	All	All	All
Application	Redhat	Openshift Container Platform	4.11	All	All	All
Application	Redhat	Openshift Container Platform	4.12	All	All	All
Application	Redhat	Openshift Container Platform For Linuxone	4.10	All	All	All
Application	Redhat	Openshift Container Platform For Linuxone	4.9	All	All	All
Application	Redhat	Openshift Container Platform For Power	4.10	All	All	All
Application	Redhat	Openshift Container Platform For Power	4.9	All	All	All
Application	Redhat	Openstack Platform	13.0	All	All	All
Application	Redhat	Process Automation	7.0	All	All	All
Application	Redhat	Single Sign-on	-	All	All	All
Application	Redhat	Single Sign-on	7.6	All	All	All
Application	Redhat	Undertow	All	All	All	All

Reference	Source	Link	Tags
CVE-2023-1108 Undertow Vulnerability in NetApp Products \| NetApp Product Security	MISC	security.netapp.com
access.redhat.com/errata/RHSA-2023:3884	MISC	access.redhat.com
access.redhat.com/errata/RHSA-2023:3885	MISC	access.redhat.com
access.redhat.com/errata/RHSA-2023:3883	MISC	access.redhat.com
cve-details	MISC	access.redhat.com
2174246 – (CVE-2023-1108) CVE-2023-1108 Undertow: Infinite loop in SslConduit during close	MISC	bugzilla.redhat.com
Red Hat	MISC	access.redhat.com
Red Hat	MISC	access.redhat.com
access.redhat.com/errata/RHSA-2023:3888	MISC	access.redhat.com
Red Hat	MISC	access.redhat.com
Red Hat	MISC	access.redhat.com
Red Hat	MISC	access.redhat.com
access.redhat.com/errata/RHSA-2023:3892	MISC	access.redhat.com
Red Hat	MISC	access.redhat.com
Red Hat	MISC	access.redhat.com
Red Hat	MISC	access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

241253 Red Hat Update for JBoss Enterprise Application Platform 7.4 (RHSA-2023:1185)
241301 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 on RHEL 7 (RHSA-2023:1512)
241302 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 on RHEL 8 (RHSA-2023:1513)
241303 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 on RHEL 9 (RHSA-2023:1514)
995297 Java (Maven) Security Update for io.undertow:undertow-core (GHSA-m4mm-pg93-fv78)