A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Build_of_quarkus | Redhat | - (including) | - (including) |
| Decision_manager | Redhat | 7.0 (including) | 7.0 (including) |
| Fuse | Redhat | 1.0.0 (including) | 1.0.0 (including) |
| Integration_camel_k | Redhat | - (including) | - (including) |
| Integration_service_registry | Redhat | - (including) | - (including) |
| Jboss_enterprise_application_platform | Redhat | - (including) | - (including) |
| Jboss_enterprise_application_platform_expansion_pack | Redhat | - (including) | - (including) |
| Openshift_application_runtimes | Redhat | - (including) | - (including) |
| Openstack_platform | Redhat | 13.0 (including) | 13.0 (including) |
| Process_automation | Redhat | 7.0 (including) | 7.0 (including) |
| Single_sign-on | Redhat | - (including) | - (including) |
| Undertow | Redhat | * | 2.2.24 (excluding) |
| Undertow | Redhat | 2.3.0 (including) | 2.3.5 (excluding) |