CLSA-2026-1777305243

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777305243.json

JSON Data

https://api.test.osv.dev/v1/vulns/CLSA-2026-1777305243

Upstream

CVE-2024-38286

Published

2026-04-27T20:21:07Z

Modified

2026-06-04T09:47:37.474959161Z

Summary

Fix CVE(s): CVE-2024-38286

Details

SECURITY UPDATE: Denial of Service caused by unbounded TLS handshake wrap queue in SecureNio2Channel / SecureNioChannel. Backport upstream fix from 9.0.x commit 76c5cce6f0bcef14b0c21c38910371ca7d322d13.
- debian/patches/CVE-2024-38286.patch: cap the handshake wrap queue at HANDSHAKEWRAPQUEUELENGTHLIMIT (100) and close the connection with a localised error message if the cap is exceeded, covering both Nio2 and Nio connector variants. Also includes upstream follow-up bfa5de95ad ("Avoid possible lost update") which converts the SecureNio2Channel counter to AtomicInteger and resets it in reset() to prevent a non-atomic read-modify-write race.
- CVE-2024-38286

References

https://errata.tuxcare.com/els_os/ubuntu20.04els/CLSA-2026-1777305243.html

Affected packages

TuxCare:Ubuntu:20.04

libtomcat9-embed-java

Package

Name: libtomcat9-embed-java
Purl: pkg:deb/tuxcare/libtomcat9-embed-java?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.9+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777305243.json"

libtomcat9-java

Package

Name: libtomcat9-java
Purl: pkg:deb/tuxcare/libtomcat9-java?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.9+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777305243.json"

tomcat9

Package

Name: tomcat9
Purl: pkg:deb/tuxcare/tomcat9?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.9+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777305243.json"

tomcat9-admin

Package

Name: tomcat9-admin
Purl: pkg:deb/tuxcare/tomcat9-admin?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.9+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777305243.json"

tomcat9-common

Package

Name: tomcat9-common
Purl: pkg:deb/tuxcare/tomcat9-common?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.9+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777305243.json"

tomcat9-docs

Package

Name: tomcat9-docs
Purl: pkg:deb/tuxcare/tomcat9-docs?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.9+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777305243.json"

tomcat9-examples

Package

Name: tomcat9-examples
Purl: pkg:deb/tuxcare/tomcat9-examples?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.9+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777305243.json"

tomcat9-user

Package

Name: tomcat9-user
Purl: pkg:deb/tuxcare/tomcat9-user?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.31-1ubuntu0.9+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777305243.json"