CVE-2023-1108 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2023-1108?

CVE-2023-1108 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Q: How severe is CVE-2023-1108?

CVE-2023-1108 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-1108?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Build Of Quarkus, Redhat Decision Manager, Redhat Fuse, Redhat Integration Camel K, Redhat Integration Service Registry.

Vulnerability Description

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Build Of Quarkus	-
Redhat	Decision Manager	7.0
Redhat	Fuse	1.0.0
Redhat	Integration Camel K	-
Redhat	Integration Service Registry	-
Redhat	Jboss Enterprise Application Platform	-
Redhat	Jboss Enterprise Application Platform Expansion Pack	-
Redhat	Openshift Application Runtimes	-
Redhat	Openstack Platform	13.0
Redhat	Process Automation	7.0
Redhat	Single Sign-On	-
Redhat	Undertow	< 2.2.24
Redhat	Openshift Container Platform	4.11
Redhat	Openshift Container Platform For Linuxone	4.9
Redhat	Openshift Container Platform For Power	4.9
Redhat	Enterprise Linux	8.0
Netapp	Oncommand Workflow Automation	-

Related Weaknesses (CWE)

CWE-835

References

https://access.redhat.com/errata/RHSA-2023:1184Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1185Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1512Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1513Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1514Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:1516Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:2135
https://access.redhat.com/errata/RHSA-2023:3883Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3884Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3885Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3888Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3892Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:3954Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:4612Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-1108Vendor Advisory

FAQ

What is CVE-2023-1108?

CVE-2023-1108 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

How severe is CVE-2023-1108?

CVE-2023-1108 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-1108?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Build Of Quarkus, Redhat Decision Manager, Redhat Fuse, Redhat Integration Camel K, Redhat Integration Service Registry.