Lucene search
GoogleOSV:GHSA-3HW2-H67C-WQ66HistoryMay 24, 2022 - 7:19 p.m.
Uncontrolled Recursion in Akka HTTP
2022-05-2419:19:40
Google
osv.dev
8
akka http
denial of service
http headers
EPSS
0.066
Percentile
93.9%
Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
References
packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html
akka.io/blog
akka.io/blog/news/2021/11/02/akka-http-10.2.7-released
akka.io/blog/news/2021/11/22/akka-http-10.1.15-released
doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html
github.com/akka/akka-http
nvd.nist.gov/vuln/detail/CVE-2021-42697
Related
osv
osv
CVE-2021-42697
2021-11-02 22:15:08
zdt
zdt
Akka HTTP 10.1.14 - Denial of Service Exploit
2022-05-11 00:00:00
cvelist
cvelist
CVE-2021-42697
2021-11-02 21:44:54
github
github
Uncontrolled Recursion in Akka HTTP
2022-05-24 19:19:40
githubexploit
githubexploit
Exploit for Uncontrolled Recursion in Akka Http Server
2022-04-24 05:51:24
veracode
veracode
Denial Of Service (DoS)
2021-11-04 06:15:40
packetstorm
packetstorm
Akka HTTP 10.1.14 Denial Of Service
2022-05-11 00:00:00
prion
prion
Design/Logic Flaw
2021-11-02 22:15:00
cve
cve
CVE-2021-42697
2021-11-02 22:15:08
nvd
nvd
CVE-2021-42697
2021-11-02 22:15:08
exploitdb
exploitdb
Akka HTTP 10.1.14 - Denial of Service
2022-05-11 00:00:00
openvas
openvas
Akka HTTP < 10.2.7 DoS Vulnerability
2021-11-05 00:00:00