Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

cve-2023-3223
Back to All
CVE

CVE-2023-3223

Undertow vulnerable to denial of service

Description

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

Base CVSS

7.5

EPSS Score

6.46%

Introduced Version

1.0.0.Alpha1

Fix Available

2.3.7.Final,2.2.25.Final

Available Patches

Package
CVEs Fixed
Lines of Code Changed
Package Name
io.undertow:undertow-servlet
2.3.6.Final
CVES Fixed
C
0
H
1
M
0
L
0
Code Changed
+42
-4

References

https://access.redhat.com/errata/RHSA-2023:4505
https://security.netapp.com/advisory/ntap-20231027-0004
https://github.com/undertow-io/undertow
https://access.redhat.com/security/cve/CVE-2023-3223
https://access.redhat.com/errata/RHSA-2023:4918
https://nvd.nist.gov/vuln/detail/CVE-2023-3223
https://access.redhat.com/errata/RHSA-2023:4509
https://access.redhat.com/errata/RHSA-2023:4919
https://access.redhat.com/errata/RHSA-2023:4924
https://access.redhat.com/errata/RHSA-2023:7247
https://access.redhat.com/errata/RHSA-2023:4507
https://access.redhat.com/errata/RHSA-2023:4921
https://bugzilla.redhat.com/show_bug.cgi?id=2209689
https://access.redhat.com/errata/RHSA-2023:4506
https://access.redhat.com/errata/RHSA-2023:4920

AppSec for the Software Development Revolution

Endor Labs builds a complete graph of your software estate, so teams can pinpoint and fix critical risks in complex, dependency-rich code—whether it was written by humans or AI.

Welcome to the resistance
Oops! Something went wrong, please try again.
brightness-increase
moon-01