CVE-2021-3859

NameCVE-2021-3859
DescriptionA flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1015983

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
undertow (PTS)sid, trixie2.3.8-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
undertowsource(unstable)2.2.16-11015983

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2010378
https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2

Search for package or bug name: Reporting problems