CVE-2023-1973 HIGH

CVE-2023-1973: Undertow: unrestricted request storage leads to memory exhaustion

Vendor Red Hat
Product Red Hat JBoss Enterprise Application Platform 7
Weakness CWE-20 · Input validation
Published November 7, 2024
Last update November 7, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

Key dates

02Disclosure timeline

November 7, 2024 CVE published
November 7, 2024 Record updated

Related vulnerabilities

04Related CVE