CVE-2021-3690 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2021-3690?

CVE-2021-3690 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3690?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Fuse, Redhat Integration Camel K, Redhat Integration Camel Quarkus, Redhat Jboss Enterprise Application Platform, Redhat Openshift Application Runtimes.

Vulnerability Description

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Fuse	1.0
Redhat	Integration Camel K	-
Redhat	Integration Camel Quarkus	-
Redhat	Jboss Enterprise Application Platform	-
Redhat	Openshift Application Runtimes	-
Redhat	Single Sign-On	-
Redhat	Undertow	< 2.0.40
Redhat	Enterprise Linux	6.0

Related Weaknesses (CWE)

CWE-401 CWE-400

References

https://access.redhat.com/security/cve/CVE-2021-3690Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1991299Issue TrackingVendor Advisory
https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea590236PatchThird Party Advisory
https://issues.redhat.com/browse/UNDERTOW-1935ExploitIssue TrackingMitigation
https://access.redhat.com/security/cve/CVE-2021-3690Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1991299Issue TrackingVendor Advisory
https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea590236PatchThird Party Advisory
https://issues.redhat.com/browse/UNDERTOW-1935ExploitIssue TrackingMitigation

FAQ

What is CVE-2021-3690?

CVE-2021-3690 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from thi...

How severe is CVE-2021-3690?

CVE-2021-3690 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3690?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Fuse, Redhat Integration Camel K, Redhat Integration Camel Quarkus, Redhat Jboss Enterprise Application Platform, Redhat Openshift Application Runtimes.