Bug 2209689 (CVE-2023-3223) - CVE-2023-3223 undertow: OutOfMemoryError due to @MultipartConfig handling
Summary: CVE-2023-3223 undertow: OutOfMemoryError due to @MultipartConfig handling
Status: CLOSED ERRATA
Alias: CVE-2023-3223
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
Reported: 2023-05-24 14:00 UTC by Patrick Del Bello
Modified: 2023-11-15 17:07 UTC (History)

Fixed In Version: undertow 2.2.24
Doc Type: ---
Doc Text:
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
Last Closed: 2023-08-07 20:08:17 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:4505 0 None None None 2023-08-07 15:14:57 UTC
Red Hat Product Errata RHSA-2023:4506 0 None None None 2023-08-07 15:15:36 UTC
Red Hat Product Errata RHSA-2023:4507 0 None None None 2023-08-07 15:16:39 UTC
Red Hat Product Errata RHSA-2023:4509 0 None None None 2023-08-07 15:02:27 UTC
Red Hat Product Errata RHSA-2023:4918 0 None None None 2023-08-31 13:25:27 UTC
Red Hat Product Errata RHSA-2023:4919 0 None None None 2023-08-31 13:25:17 UTC
Red Hat Product Errata RHSA-2023:4920 0 None None None 2023-08-31 13:25:35 UTC
Red Hat Product Errata RHSA-2023:4921 0 None None None 2023-08-31 13:25:46 UTC
Red Hat Product Errata RHSA-2023:4924 0 None None None 2023-08-31 13:29:27 UTC
Red Hat Product Errata RHSA-2023:7247 0 None None None 2023-11-15 17:07:56 UTC

Description Patrick Del Bello 2023-05-24 14:00:17 UTC
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause OutOfMemoryError due to huge-sized multipart content. This vulnerability can be exploited by unauthorized users to cause a remote Denial-of-Service (DoS) attack. And if the server uses fileSizeThreshold for the file size limit, it's possible to bypass the limit by setting the file name in the request to null.
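
The setting the description names, fileSizeThreshold, only decides when a part is spilled from memory to disk; the hard bounds in the Servlet @MultipartConfig contract are maxFileSize (per part) and maxRequestSize (whole body). The hypothetical upload servlet below is an added illustration, not code from Undertow or from this report: it sets those bounds explicitly and caps parts that arrive without a file name, as defence in depth on top of upgrading to the fixed undertow version; the path, servlet name and numeric limits are assumptions, and javax.servlet is assumed (EAP 7.4 era API).

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;

// Hypothetical servlet (added example, not from Undertow or the bug report).
// fileSizeThreshold alone is not a limit: below it a part is buffered in
// memory, above it the container spills to disk. maxFileSize and
// maxRequestSize are the limits that reject oversized input outright.
@WebServlet("/upload")                      // assumed URL pattern
@MultipartConfig(
    location = "/tmp/uploads",              // assumed spill directory
    fileSizeThreshold = 64 * 1024,          // 64 KiB: memory/disk switch, not a cap
    maxFileSize = 5L * 1024 * 1024,         // 5 MiB hard cap per part
    maxRequestSize = 20L * 1024 * 1024)     // 20 MiB hard cap for the whole body
public class UploadServlet extends HttpServlet {

    // Assumed cap for parts that carry no file name (plain form fields).
    private static final long MAX_FIELD_BYTES = 8L * 1024;

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        for (Part part : req.getParts()) {
            // A part without a submitted file name is a form field; enforce a
            // small explicit size cap so that omitting the file name does not
            // turn it into an unbounded upload handled under looser rules.
            if (part.getSubmittedFileName() == null
                    && part.getSize() > MAX_FIELD_BYTES) {
                resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE,
                        "form field too large");
                return;
            }
        }
        resp.setStatus(HttpServletResponse.SC_OK);
    }
}
```

The application-level check runs after the container has already parsed the body, so maxRequestSize and the fixed undertow release remain the controls that actually bound memory use; the loop only rejects what slipped through as a nameless part.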

Comment 5 errata-xmlrpc 2023-08-07 15:02:25 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2023:4509 https://access.redhat.com/errata/RHSA-2023:4509

Comment 6 errata-xmlrpc 2023-08-07 15:14:56 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2023:4505 https://access.redhat.com/errata/RHSA-2023:4505

Comment 7 errata-xmlrpc 2023-08-07 15:15:35 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2023:4506 https://access.redhat.com/errata/RHSA-2023:4506

Comment 8 errata-xmlrpc 2023-08-07 15:16:38 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2023:4507 https://access.redhat.com/errata/RHSA-2023:4507

Comment 9 Product Security DevOps Team 2023-08-07 20:08:14 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-3223

Comment 13 errata-xmlrpc 2023-08-31 13:25:14 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 8

Via RHSA-2023:4919 https://access.redhat.com/errata/RHSA-2023:4919

Comment 14 errata-xmlrpc 2023-08-31 13:25:23 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 7

Via RHSA-2023:4918 https://access.redhat.com/errata/RHSA-2023:4918

Comment 15 errata-xmlrpc 2023-08-31 13:25:31 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 9

Via RHSA-2023:4920 https://access.redhat.com/errata/RHSA-2023:4920

Comment 16 errata-xmlrpc 2023-08-31 13:25:41 UTC
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2023:4921 https://access.redhat.com/errata/RHSA-2023:4921

Comment 17 errata-xmlrpc 2023-08-31 13:29:23 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6.5

Via RHSA-2023:4924 https://access.redhat.com/errata/RHSA-2023:4924

Comment 18 errata-xmlrpc 2023-11-15 17:07:52 UTC
This issue has been addressed in the following products:

  Red Hat Fuse 7.12.1

Via RHSA-2023:7247 https://access.redhat.com/errata/RHSA-2023:7247
