CVE-2021-3597

MEDIUM5.9EPSS 0.17%

undertow Race Condition vulnerability

Published: 5/25/2022Modified: 4/28/2026

Description

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

Affected packages (2)

Debian/undertowfrom 0, < 2.2.10-1
Maven/io.undertow:undertow-core>= 2.1.0, < 2.2.9.Final

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-3597
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-3597
PATCHhttps://github.com/undertow-io/undertow
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1970930
WEBhttps://security.netapp.com/advisory/ntap-20220804-0003