Infinite loop in sslconduit during close
CVE-2023-1108
7.5 HIGH
Key Information:
- Vendor: Red Hat
- Status
- Vendor
- CVE Published: 14 September 2023
What is CVE-2023-1108?
A vulnerability has been identified within Undertow, affecting its SSL Conduit. This flaw stems from an unexpected handshake status update, which can cause an infinite loop, thereby resulting in a Denial of Service. Malicious actors could exploit this vulnerability to prevent legitimate access to the service, leading to disruptions. Users of Undertow are advised to apply the latest patches to mitigate the risk associated with this issue.
Affected Version(s)
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:2.2.22-1.SP3_redhat_00002.1.el8eap
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:7.4.9-6.GA_redhat_00004.1.el8eap
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 0:2.2.23-1.SP2_redhat_00001.1.el8eap