Lucene search

GitHub Advisory DatabaseGHSA-9623-MQMM-5RCF

HistoryAug 21, 2024 - 3:30 p.m.

Undertow vulnerable to Race Condition

2024-08-2115:30:54

CWE-362

GitHub Advisory Database

github.com

undertow

race condition

proxyprotocolreadlistener

stringbuilder

information leakage

data exposure

multi-request.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

21.9%

JSON

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

Affected configurations

Vulners

Node

io.undertow\undertowMatchcore

VendorProductVersionCPE
io.undertow\undertowcorecpe:2.3:a:io.undertow\:undertow:core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
io.undertow\	undertow	core	cpe:2.3:a:io.undertow\:undertow:core::::::::

References

access.redhat.com/errata/RHSA-2024:6508

access.redhat.com/errata/RHSA-2024:6883

access.redhat.com/security/cve/CVE-2024-7885

bugzilla.redhat.com/show_bug.cgi?id=2305290

github.com/advisories/GHSA-9623-mqmm-5rcf

github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java

nvd.nist.gov/vuln/detail/CVE-2024-7885