{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1108","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2023-03-01T00:27:23.587Z","datePublished":"2023-09-14T14:48:58.869Z","dateUpdated":"2024-08-02T05:32:46.370Z"},"containers":{"cna":{"title":"Undertow: infinite loop in sslconduit during close","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in Undertow. An unexpected handshake status update in SslConduit can cause a loop that never terminates, making a denial of service possible."}],"affected":[{"versions":[{"status":"unaffected","version":"2.3.5"},{"status":"unaffected","version":"2.2.24"}],"packageName":"io.undertow:undertow-core","collectionURL":"https://github.com/undertow-io/undertow"},{"vendor":"Red Hat","product":"EAP 7.4.10 release","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7.12","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","defaultStatus":"unaffected","packageName":"undertow","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 
7.1.0","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","defaultStatus":"unaffected","packageName":"undertow","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow","defaultStatus":"affected","versions":[{"version":"0:2.2.22-1.SP3_redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly","defaultStatus":"affected","versions":[{"version":"0:7.4.9-6.GA_redhat_00004.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow","defaultStatus":"affected","versions":[{"version":"0:2.2.23-1.SP2_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 
8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow-jastow","defaultStatus":"affected","versions":[{"version":"0:2.0.14-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow","defaultStatus":"affected","versions":[{"version":"0:2.2.22-1.SP3_redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly","defaultStatus":"affected","versions":[{"version":"0:7.4.9-6.GA_redhat_00004.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow","defaultStatus":"affected","versions":[{"version":"0:2.2.23-1.SP2_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 
9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow-jastow","defaultStatus":"affected","versions":[{"version":"0:2.0.14-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow","defaultStatus":"affected","versions":[{"version":"0:2.2.22-1.SP3_redhat_00002.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-wildfly","defaultStatus":"affected","versions":[{"version":"0:7.4.9-6.GA_redhat_00004.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow","defaultStatus":"affected","versions":[{"version":"0:2.2.23-1.SP2_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 
7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap7-undertow-jastow","defaultStatus":"affected","versions":[{"version":"0:2.0.14-1.Final_redhat_00001.1.el7eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","defaultStatus":"unaffected","packageName":"undertow","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6.4"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7.6 for RHEL 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","defaultStatus":"affected","versions":[{"version":"0:18.0.8-1.redhat_00001.1.el7sso","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7.6 for RHEL 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","defaultStatus":"affected","versions":[{"version":"0:18.0.8-1.redhat_00001.1.el8sso","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7.6 for RHEL 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-sso7-keycloak","defaultStatus":"affected","versions":[{"version":"0:18.0.8-1.redhat_00001.1.el9sso","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"]},{"vendor":"Red Hat","product":"Red Hat support for Spring Boot 
2.7.13","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","defaultStatus":"unaffected","packageName":"undertow","cpes":["cpe:/a:redhat:openshift_application_runtimes:1.0"]},{"vendor":"Red Hat","product":"RHEL-8 based Middleware Containers","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rh-sso-7/sso76-openshift-rhel8","defaultStatus":"affected","versions":[{"version":"7.6-24","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhosemc:1.0::el8"]},{"vendor":"Red Hat","product":"RHPAM 7.13.1 async","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","defaultStatus":"unaffected","packageName":"undertow","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"io.quarkus/quarkus-undertow","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:quarkus:2"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undertow","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Integration Camel K","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undertow","defaultStatus":"affected","cpes":["cpe:/a:redhat:integration:1"]},{"vendor":"Red Hat","product":"Red Hat Integration Camel Quarkus","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undertow","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:camel_quarkus:2"]},{"vendor":"Red Hat","product":"Red Hat Integration Service Registry","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undertow","defaultStatus":"affected","cpes":["cpe:/a:redhat:service_registry:2"]},{"vendor":"Red 
Hat","product":"Red Hat JBoss Data Grid 7","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"undertow","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_data_grid:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"undertow","defaultStatus":"affected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Fuse 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"undertow","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_fuse:6"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 13 (Queens)","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undertow","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:13"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:1184","name":"RHSA-2023:1184","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1185","name":"RHSA-2023:1185","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1512","name":"RHSA-2023:1512","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1513","name":"RHSA-2023:1513","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1514","name":"RHSA-2023:1514","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1516","name":"RHSA-2023:1516","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:2135","name":"RHSA-2023:2135","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3883","name":"RHSA-2023:3883","tags":["vendor-advisory","x_ref
source_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3884","name":"RHSA-2023:3884","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3885","name":"RHSA-2023:3885","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3888","name":"RHSA-2023:3888","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3892","name":"RHSA-2023:3892","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3954","name":"RHSA-2023:3954","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2023:4612","name":"RHSA-2023:4612","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-1108","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174246","name":"RHBZ#2174246","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://github.com/advisories/GHSA-m4mm-pg93-fv78"},{"url":"https://security.netapp.com/advisory/ntap-20231020-0002/"}],"datePublic":"2023-03-07T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-835","description":"Loop with Unreachable Exit Condition ('Infinite Loop')","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')","timeline":[{"lang":"en","time":"2023-02-07T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2023-03-07T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2024-05-03T15:32:32.904Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-08T18:37:50.625681Z","id":"CVE-2023-1108","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA 
ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-08T18:38:02.186Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:32:46.370Z"},"title":"CVE Program Container","references":[{"url":"https://access.redhat.com/errata/RHSA-2023:1184","name":"RHSA-2023:1184","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1185","name":"RHSA-2023:1185","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1512","name":"RHSA-2023:1512","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1513","name":"RHSA-2023:1513","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1514","name":"RHSA-2023:1514","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:1516","name":"RHSA-2023:1516","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:2135","name":"RHSA-2023:2135","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3883","name":"RHSA-2023:3883","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3884","name":"RHSA-2023:3884","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3885","name":"RHSA-2023:3885","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3888","name":"RHSA-2023:3888","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3892","name":"RHSA
-2023:3892","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:3954","name":"RHSA-2023:3954","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2023:4612","name":"RHSA-2023:4612","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-1108","tags":["vdb-entry","x_refsource_REDHAT","x_transferred"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174246","name":"RHBZ#2174246","tags":["issue-tracking","x_refsource_REDHAT","x_transferred"]},{"url":"https://github.com/advisories/GHSA-m4mm-pg93-fv78","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20231020-0002/","tags":["x_transferred"]}]}]}}