CVE-2017-2670 HIGH

CVE-2017-2670

Vendor [Unknown]

Product undertow

Weakness CWE-835

Published July 27, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.

Key dates

02Disclosure timeline

July 27, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-2670 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/835.html

Related vulnerabilities

04Related CVE

CVE-2024-9340 Denial of Service (DoS) via Multipart Boundary in zenml-io/zenml CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp CVE-2025-69227 AIOHTTP vulnerable to DoS when bypassing asserts CVE-2024-32650 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input CVE-2021-29482 denial of service in github.com/ulikunitz/xz