Description
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1970930
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220804-0003/
Scores
CVSS v3
5.9
EPSS
0.0017
EPSS Percentile
37.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-362
Status
published
Products (17)
io.undertow/undertow-core
2.1.0 - 2.2.9.FinalMaven
netapp/active_iq_unified_manager
(3 CPE variants)
netapp/oncommand_insight
netapp/oncommand_workflow_automation
redhat/fuse
1.0
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
7.3
redhat/jboss_enterprise_application_platform
7.4
redhat/openshift_application_runtimes
redhat/single_sign-on
... and 7 more
Published
May 24, 2022
Tracked Since
Feb 18, 2026