High severity · NVD Advisory · Published Sep 27, 2023 · Updated Aug 2, 2024
Undertow: OutOfMemoryError due to @MultipartConfig handling
CVE-2023-3223
Description
A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError when handling large multipart content. This may allow unauthenticated users to mount a remote Denial of Service (DoS) attack. If the server relies on fileSizeThreshold to limit the file size, the limit can be bypassed by setting the file name in the request to null.
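The advisory describes a limit (fileSizeThreshold) that does not bound how much multipart data the server accepts. The following servlet and filter are an added mitigation example, not code from the advisory or from the Undertow project; it assumes the javax.servlet 4.0 API that Undertow 2.2.x ships, a hypothetical /upload endpoint, and hypothetical 5 MiB / 10 MiB caps.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Weak configuration, for contrast: fileSizeThreshold only decides when a part is
// spilled from memory to disk. It is not an upper bound on the accepted size.
//   @MultipartConfig(fileSizeThreshold = 1024 * 1024)

// Hardened configuration: maxFileSize bounds each part and maxRequestSize bounds
// the whole body. Both are Servlet-spec limits enforced by the container.
@WebServlet("/upload")
@MultipartConfig(
        location = "/tmp/uploads",          // assumption: writable spool directory
        fileSizeThreshold = 64 * 1024,      // spill above 64 KiB; still not a limit
        maxFileSize = 5L * 1024 * 1024,     // 5 MiB per part (hypothetical cap)
        maxRequestSize = 10L * 1024 * 1024) // 10 MiB per request (hypothetical cap)
public class UploadServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        for (Part part : req.getParts()) {
            // Parts without a filename are ordinary fields; they count against the
            // same request cap, so a missing name cannot be used to skip the limit.
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}

// Defense in depth that does not depend on the multipart parser: reject multipart
// bodies whose declared length exceeds the cap, or that declare no length at all
// (chunked transfer), before any part is buffered. Package-private here so the
// two classes fit one file; a real project would split them.
@WebFilter("/upload")
class MultipartSizeFilter implements Filter {
    private static final long MAX_BODY = 10L * 1024 * 1024; // matches maxRequestSize

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        String ct = req.getContentType();
        if (ct != null && ct.toLowerCase().startsWith("multipart/")) {
            long len = req.getContentLengthLong(); // -1 when unknown or chunked
            if (len < 0 || len > MAX_BODY) {
                ((HttpServletResponse) response).sendError(413); // Payload Too Large
                return;
            }
        }
        chain.doFilter(request, response);
    }
}
```

Upgrading to a patched Undertow release remains the actual fix; the filter only caps what an unpatched parser can be asked to buffer.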
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.undertow:undertow-parent (Maven) | < 2.2.24.Final | 2.2.24.Final |
Affected products
- Red Hat / Red Hat Integration Camel K (cpe:/a:redhat:integration:1)
- Red Hat / Red Hat JBoss Data Grid 7 (cpe:/a:redhat:jboss_data_grid:7)
- Red Hat / Red Hat Data Grid 8 (cpe:/a:redhat:jboss_data_grid:8)
- cpe:/a:redhat:jbosseapxp
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4
  - cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 (range: 0:2.2.25-3.SP3_redhat_00001.1.el7eap)
  - cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 (range: 0:2.2.25-3.SP3_redhat_00001.1.el8eap)
  - cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 (range: 0:2.2.25-3.SP3_redhat_00001.1.el9eap)
- cpe:/a:redhat:jboss_enterprise_bpms_platform:7
- Red Hat / Red Hat Decision Manager 7 (cpe:/a:redhat:jboss_enterprise_brms_platform:7)
- Red Hat / Red Hat JBoss Fuse 6 (cpe:/a:redhat:jboss_fuse:6)
- Red Hat / Red Hat Fuse 7.12.1 (cpe:/a:redhat:jboss_fuse:7)
- Red Hat / Red Hat support for Spring Boot (cpe:/a:redhat:openshift_application_runtimes:1.0)
- Red Hat / Red Hat OpenStack Platform 13 (Queens) Operational Tools (cpe:/a:redhat:openstack-optools:13)
- Red Hat / Red Hat build of Quarkus (cpe:/a:redhat:quarkus:2)
- cpe:/a:redhat:red_hat_single_sign_on:7.6.5
  - cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 (range: 0:18.0.9-1.redhat_00001.1.el7sso)
  - cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 (range: 0:18.0.9-1.redhat_00001.1.el8sso)
  - cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 (range: 0:18.0.9-1.redhat_00001.1.el9sso)
- Red Hat / RHEL-8 based Middleware Containers (cpe:/a:redhat:rhosemc:1.0::el8, range: 7.6-27)
- Red Hat / Red Hat Integration Service Registry (cpe:/a:redhat:service_registry:2)
References
- access.redhat.com/errata/RHSA-2023:4505 (vendor advisory, Red Hat)
- access.redhat.com/errata/RHSA-2023:4506 (vendor advisory, Red Hat)
- access.redhat.com/errata/RHSA-2023:4507 (vendor advisory, Red Hat)
- access.redhat.com/errata/RHSA-2023:4509 (vendor advisory, Red Hat)
- access.redhat.com/errata/RHSA-2023:4918 (vendor advisory, Red Hat)
- access.redhat.com/errata/RHSA-2023:4919 (vendor advisory, Red Hat)
- access.redhat.com/errata/RHSA-2023:4920 (vendor advisory, Red Hat)
- access.redhat.com/errata/RHSA-2023:4921 (vendor advisory, Red Hat)
- access.redhat.com/errata/RHSA-2023:4924 (vendor advisory, Red Hat)
- access.redhat.com/errata/RHSA-2023:7247 (vendor advisory, Red Hat)
- github.com/advisories/GHSA-65h2-wf7m-q2v8 (advisory, GHSA)
- nvd.nist.gov/vuln/detail/CVE-2023-3223 (advisory, NVD)
- access.redhat.com/security/cve/CVE-2023-3223 (VDB entry, Red Hat)
- bugzilla.redhat.com/show_bug.cgi (issue tracking, Red Hat)
- security.netapp.com/advisory/ntap-20231027-0004/ (third-party advisory, NetApp; listed by GHSA and MITRE)