CVE-2019-19343

NameCVE-2019-19343
DescriptionA flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs948024

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
undertow (PTS)sid2.2.8-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
undertowsource(unstable)(unfixed)unimportant948024

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=1780445
Issue affects both Undertow and rmeoting, but for adressing the immediate
issue only af fix via remoting (https://issues.redhat.com/browse/REM3-347)
was added.
Search for package or bug name: Reporting problems