What the vulnerability does
01Description
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVE-2023-1108
HIGH
CVE-2023-1108: Undertow: infinite loop in sslconduit during close
CVSS base score
7.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Key dates
02Disclosure timeline
September 14, 2023
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-23352 Loop with Unreachable Exit Condition (`Infinite Loop`) in Multi Mode Call Processor
CVE-2023-45233 Infinite loop in EDK II Network Package
CVE-2025-11626 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
CVE-2023-43511 Loop with Unreachable Exit Condition (Infinite Loop) in WLAN Firmware
CVE-2025-0673 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
