High severity7.5OSV Advisory· Published Sep 14, 2023· Updated Jun 17, 2026
CVE-2023-1108
CVE-2023-1108
Description
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.undertow:undertow-coreMaven | >= 2.3.0, < 2.3.5.Final | 2.3.5.Final |
io.undertow:undertow-coreMaven | < 2.2.24.Final | 2.2.24.Final |
Affected products
2Patches
Vulnerability mechanics
References
24- access.redhat.com/errata/RHSA-2023:1184nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:1185nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:1512nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:1513nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:1514nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:1516nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:3883nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:3884nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:3885nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:3888nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:3892nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:3954nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2023:4612nvdVendor AdvisoryWEB
- access.redhat.com/security/cve/CVE-2023-1108nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-m4mm-pg93-fv78nvdADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-1108ghsaADVISORY
- security.netapp.com/advisory/ntap-20231020-0002/nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2023:2135nvdWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingWEB
- github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78ghsaWEB
- github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70beghsaWEB
- github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146dghsaWEB
- github.com/undertow-io/undertow/pull/1457ghsaWEB
- security.netapp.com/advisory/ntap-20231020-0002ghsaWEB
News mentions
0No linked articles in our index yet.