Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | 8.5.0 (including) | 8.5.64 (excluding) |
Tomcat | Apache | 9.0.0 (including) | 9.0.44 (excluding) |
Tomcat | Apache | 10.0.0 (including) | 10.0.2 (including) |