Vulnerabilities > CVE-2023-1108 - Infinite Loop vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

redhat

netapp

CWE-835

NVD

Published: 2023-09-14

Updated: 2024-05-03

Summary

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Decision Manager 7.0 Redhat Single Sign ON - Redhat Single Sign ON 7.6 Redhat Process Automation 7.0 Redhat Openstack Platform 13.0 Redhat Jboss Enterprise Application Platform - Redhat Jboss Enterprise Application Platform 7.4 Redhat Openshift Application Runtimes - Redhat Build OF Quarkus - Redhat Integration Service Registry - Redhat Integration Camel K - Redhat Jboss Enterprise Application Platform Expansion Pack - Redhat Fuse 1.0.0 Redhat Undertow 2.3.0 Redhat Undertow - Redhat Undertow 1.0.0 Redhat Undertow 1.0.1 Redhat Undertow 1.0.2 Redhat Undertow 1.0.3 Redhat Undertow 1.0.4 Redhat Undertow 1.0.5 Redhat Undertow 1.0.6 Redhat Undertow 1.0.7 Redhat Undertow 1.0.8 Redhat Undertow 1.0.9 Redhat Undertow 1.0.10 Redhat Undertow 1.0.11 Redhat Undertow 1.0.12 Redhat Undertow 1.0.13 Redhat Undertow 1.0.14 Redhat Undertow 1.0.15 Redhat Undertow 1.0.16 Redhat Undertow 1.0.17 Redhat Undertow 1.0.18 Redhat Undertow 1.0.19 Redhat Undertow 1.1.0 Redhat Undertow 1.1.1 Redhat Undertow 1.1.2 Redhat Undertow 1.1.3 Redhat Undertow 1.1.4 Redhat Undertow 1.1.5 Redhat Undertow 1.1.6 Redhat Undertow 1.1.7 Redhat Undertow 1.1.8 Redhat Undertow 1.1.9 Redhat Undertow 1.2.0 Redhat Undertow 1.2.1 Redhat Undertow 1.2.2 Redhat Undertow 1.2.3 Redhat Undertow 1.2.4 Redhat Undertow 1.2.5 Redhat Undertow 1.2.6 Redhat Undertow 1.2.7 Redhat Undertow 1.2.8 Redhat Undertow 1.2.9 Redhat Undertow 1.2.10 Redhat Undertow 1.2.11 Redhat Undertow 1.2.12 Redhat Undertow 1.3.0 Redhat Undertow 1.3.1 Redhat Undertow 1.3.2 Redhat Undertow 1.3.3 Redhat Undertow 1.3.4 Redhat Undertow 1.3.5 Redhat Undertow 1.3.6 Redhat Undertow 1.3.7 Redhat Undertow 1.3.8 Redhat Undertow 1.3.9 Redhat Undertow 1.3.10 Redhat Undertow 1.3.11 Redhat Undertow 1.3.12 Redhat Undertow 1.3.13 Redhat Undertow 1.3.14 Redhat Undertow 1.3.15 Redhat Undertow 1.3.16 Redhat Undertow 1.3.17 Redhat Undertow 1.3.18 Redhat Undertow 1.3.19 Redhat Undertow 1.3.20 Redhat Undertow 1.3.21 Redhat Undertow 1.3.22 Redhat Undertow 1.3.23 Redhat Undertow 1.3.24 Redhat Undertow 1.3.25 Redhat Undertow 1.3.26 Redhat Undertow 1.3.27 Redhat Undertow 1.3.28 Redhat Undertow 1.3.29 Redhat Undertow 1.3.30 Redhat Undertow 1.3.31 Redhat Undertow 1.3.32 Redhat Undertow 1.3.33 Redhat Undertow 1.4.0 Redhat Undertow 1.4.1 Redhat Undertow 1.4.2 Redhat Undertow 1.4.3 Redhat Undertow 1.4.4 Redhat Undertow 1.4.5 Redhat Undertow 1.4.6 Redhat Undertow 1.4.7 Redhat Undertow 1.4.8 Redhat Undertow 1.4.10 Redhat Undertow 1.4.11 Redhat Undertow 1.4.12 Redhat Undertow 1.4.13 Redhat Undertow 1.4.14 Redhat Undertow 1.4.15 Redhat Undertow 1.4.16 Redhat Undertow 1.4.17 Redhat Undertow 1.4.18 Redhat Undertow 1.4.19 Redhat Undertow 1.4.20 Redhat Undertow 1.4.21 Redhat Undertow 1.4.22 Redhat Undertow 1.4.23 Redhat Undertow 1.4.24 Redhat Undertow 1.4.25 Redhat Undertow 1.4.26 Redhat Undertow 1.4.27 Redhat Undertow 1.4.28 Redhat Undertow 2.0.0 Redhat Undertow 2.0.1 Redhat Undertow 2.0.2 Redhat Undertow 2.0.3 Redhat Undertow 2.0.4 Redhat Undertow 2.0.5 Redhat Undertow 2.0.6 Redhat Undertow 2.0.7 Redhat Undertow 2.0.8 Redhat Undertow 2.0.9 Redhat Undertow 2.0.10 Redhat Undertow 2.0.11 Redhat Undertow 2.0.12 Redhat Undertow 2.0.13 Redhat Undertow 2.0.14 Redhat Undertow 2.0.15 Redhat Undertow 2.0.16 Redhat Undertow 2.0.17 Redhat Undertow 2.0.18 Redhat Undertow 2.0.19 Redhat Undertow 2.0.20 Redhat Undertow 2.0.21 Redhat Undertow 2.0.22 Redhat Undertow 2.0.23 Redhat Undertow 2.0.24 Redhat Undertow 2.0.25 Redhat Undertow 2.0.26 Redhat Undertow 2.0.27 Redhat Undertow 2.0.28 Redhat Undertow 2.0.29 Redhat Undertow 2.0.30 Redhat Undertow 2.0.31 Redhat Undertow 2.0.32 Redhat Undertow 2.0.33 Redhat Undertow 2.0.34 Redhat Undertow 2.0.35 Redhat Undertow 2.0.36 Redhat Undertow 2.0.39 Redhat Undertow 2.1.0 Redhat Undertow 2.1.1 Redhat Undertow 2.1.2 Redhat Undertow 2.1.3 Redhat Undertow 2.1.4 Redhat Undertow 2.1.5 Redhat Undertow 2.1.6 Redhat Undertow 2.1.7 Redhat Undertow 2.2.0 Redhat Undertow 2.2.1 Redhat Undertow 2.2.2 Redhat Undertow 2.2.3 Redhat Undertow 2.2.4 Redhat Undertow 2.2.5 Redhat Undertow 2.2.6 Redhat Undertow 2.2.7 Redhat Undertow 2.2.9 Redhat Undertow 2.2.10 Redhat Undertow 2.2.11 Redhat Undertow 2.2.12 Redhat Undertow 2.2.13 Redhat Undertow 2.2.14 Redhat Undertow 2.2.15 Redhat Undertow 2.2.16 Redhat Undertow 2.2.17 Redhat Undertow 2.2.18 Redhat Undertow 2.2.19 Redhat Openshift Container Platform 4.11 Redhat Openshift Container Platform 4.12 Redhat Openshift Container Platform FOR Linuxone 4.9 Redhat Openshift Container Platform FOR Linuxone 4.10 Redhat Openshift Container Platform FOR Power 4.9 Redhat Openshift Container Platform FOR Power 4.10	310
Application	Netapp Netapp Oncommand Workflow Automation -	1
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 9.0	3

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References