Moderate severityNVD Advisory· Published Sep 11, 2018· Updated Aug 5, 2024

CVE-2018-1114

Description

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
io.undertow:undertow-coreMaven	< 1.4.25.Final	1.4.25.Final
io.undertow:undertow-coreMaven	>= 2.0.0.Alpha1, < 2.0.5.Final	2.0.5.Final

Affected products

Red Hat/Undertowv5
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2018:2643ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2018:2669ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2019:0877ghsavendor-advisoryx_refsource_REDHATWEB
github.com/advisories/GHSA-gjjx-gqm4-wcgmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2018-1114ghsaADVISORY
bugs.openjdk.java.net/browse/JDK-6956385ghsax_refsource_MISCWEB
bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
issues.jboss.org/browse/UNDERTOW-1338ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000