UBUNTU-CVE-2023-3223

Source
https://ubuntu.com/security/CVE-2023-3223
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-3223.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-3223
Related
Published
2023-09-27T15:18:00Z
Modified
2024-10-15T14:11:30Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

References

Affected packages

Ubuntu:Pro:16.04:LTS / undertow

Package

Name
undertow
Purl
pkg:deb/ubuntu/undertow?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.4-1
1.3.5-1
1.3.7-1
1.3.11-1
1.3.16-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / undertow

Package

Name
undertow
Purl
pkg:deb/ubuntu/undertow?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.20-1
1.4.21-1
1.4.22-1
1.4.23-1
1.4.23-2build1
1.4.23-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / undertow

Package

Name
undertow
Purl
pkg:deb/ubuntu/undertow?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.23-1
2.0.27-1
2.0.28-1
2.0.29-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / undertow

Package

Name
undertow
Purl
pkg:deb/ubuntu/undertow?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.8-1
2.2.12-1
2.2.13-1
2.2.14-1
2.2.16-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / undertow

Package

Name
undertow
Purl
pkg:deb/ubuntu/undertow?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.8-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / undertow

Package

Name
undertow
Purl
pkg:deb/ubuntu/undertow?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.8-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}