Bug 2174246 (CVE-2023-1108) - CVE-2023-1108 Undertow: Infinite loop in SslConduit during close
Summary: CVE-2023-1108 Undertow: Infinite loop in SslConduit during close
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-1108
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Embargoed2174574
Blocks: Embargoed2174243
TreeView+ depends on / blocked
 
Reported: 2023-02-28 23:39 UTC by Paramvir jindal
Modified: 2023-05-04 15:57 UTC (History)
74 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Clone Of:
Environment:
Last Closed: 2023-03-09 23:25:03 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:1184 0 None None None 2023-03-09 19:35:43 UTC
Red Hat Product Errata RHSA-2023:1185 0 None None None 2023-03-09 19:38:55 UTC
Red Hat Product Errata RHSA-2023:1512 0 None None None 2023-03-29 11:44:27 UTC
Red Hat Product Errata RHSA-2023:1513 0 None None None 2023-03-29 11:42:41 UTC
Red Hat Product Errata RHSA-2023:1514 0 None None None 2023-03-29 11:41:15 UTC
Red Hat Product Errata RHSA-2023:1516 0 None None None 2023-03-29 11:46:18 UTC
Red Hat Product Errata RHSA-2023:2135 0 None None None 2023-05-04 15:57:23 UTC

Description Paramvir jindal 2023-02-28 23:39:23 UTC
https://issues.redhat.com/browse/UNDERTOW-2239

A denial-of-service vulnerability found in Undertow :

Latest JDKs from the January 18th release (jdk 11.0.18, and may be jdk 17.0.6) include this change: https://github.com/openjdk/jdk11u/commit/243a55ef31e9584467482c6159501b5d522a9427#diff-fd78e578d9d538ff23130422a81e277b5482ac752dc158b6dc07737a9c4c3f4bR737-L737
Which is suspected to be the cause of an infinite loop in SslConduit here: https://github.com/undertow-io/undertow/blob/d508c1328ba5c1ca228bfcc405f2c6b9321a1139/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java#L1002-L1004

Where there is HandshakeStatus.NEED_WRAP but the status is updated to Status.CLOSED (new in this JDK release) so the loop never terminates.

Comment 10 errata-xmlrpc 2023-03-09 19:35:39 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2023:1184 https://access.redhat.com/errata/RHSA-2023:1184

Comment 11 errata-xmlrpc 2023-03-09 19:38:52 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2023:1185 https://access.redhat.com/errata/RHSA-2023:1185

Comment 12 Product Security DevOps Team 2023-03-09 23:24:59 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-1108

Comment 14 errata-xmlrpc 2023-03-29 11:41:11 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2023:1514 https://access.redhat.com/errata/RHSA-2023:1514

Comment 15 errata-xmlrpc 2023-03-29 11:42:37 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2023:1513 https://access.redhat.com/errata/RHSA-2023:1513

Comment 16 errata-xmlrpc 2023-03-29 11:44:23 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2023:1512 https://access.redhat.com/errata/RHSA-2023:1512

Comment 17 errata-xmlrpc 2023-03-29 11:46:14 UTC
This issue has been addressed in the following products:

  EAP 7.4.10 release

Via RHSA-2023:1516 https://access.redhat.com/errata/RHSA-2023:1516

Comment 18 errata-xmlrpc 2023-05-04 15:57:20 UTC
This issue has been addressed in the following products:

  Red Hat Process Automation

Via RHSA-2023:2135 https://access.redhat.com/errata/RHSA-2023:2135


Note You need to log in before you can comment on or make changes to this bug.