CVE-2023-3223

Undertow: outofmemoryerror due to @multipartconfig handling

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

Se encontró una falla en el undertow. Los servlets anotados con @MultipartConfig pueden causar un OutOfMemoryError debido a un gran contenido multiparte. Esto puede permitir que usuarios no autorizados provoquen un ataque remoto de denegación de servicio (DoS). Si el servidor usa fileSizeThreshold para limitar el tamaño del archivo, es posible evitar el límite estableciendo el nombre del archivo en la solicitud en nulo.

*Credits: Red Hat would like to thank Keke Lian & Haoran Zhao (SecSys Lab) for reporting this issue.

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-06-13 CVE Reserved
2023-08-08 CVE Published
2024-08-02 CVE Updated
2024-10-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-789: Memory Allocation with Excessive Size Value

CAPEC

References (13)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20231027-0004

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2023:4505	2024-05-03
https://access.redhat.com/errata/RHSA-2023:4506	2024-05-03
https://access.redhat.com/errata/RHSA-2023:4507	2024-05-03
https://access.redhat.com/errata/RHSA-2023:4509	2024-05-03
https://access.redhat.com/errata/RHSA-2023:4918	2024-05-03
https://access.redhat.com/errata/RHSA-2023:4919	2024-05-03
https://access.redhat.com/errata/RHSA-2023:4920	2024-05-03
https://access.redhat.com/errata/RHSA-2023:4921	2024-05-03
https://access.redhat.com/errata/RHSA-2023:4924	2024-05-03
https://access.redhat.com/errata/RHSA-2023:7247	2024-05-03
https://access.redhat.com/security/cve/CVE-2023-3223	2024-05-03
https://bugzilla.redhat.com/show_bug.cgi?id=2209689	2024-05-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"	4.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.11"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"	4.12 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.12"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Ibm Linuxone Search vendor "Redhat" for product "Openshift Container Platform For Ibm Linuxone"	4.9 Search vendor "Redhat" for product "Openshift Container Platform For Ibm Linuxone" and version "4.9"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Ibm Linuxone Search vendor "Redhat" for product "Openshift Container Platform For Ibm Linuxone"	4.10 Search vendor "Redhat" for product "Openshift Container Platform For Ibm Linuxone" and version "4.10"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Power Search vendor "Redhat" for product "Openshift Container Platform For Power"	4.9 Search vendor "Redhat" for product "Openshift Container Platform For Power" and version "4.9"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Openshift Container Platform For Power Search vendor "Redhat" for product "Openshift Container Platform For Power"	4.10 Search vendor "Redhat" for product "Openshift Container Platform For Power" and version "4.10"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Single Sign-on Search vendor "Redhat" for product "Single Sign-on"	7.6 Search vendor "Redhat" for product "Single Sign-on" and version "7.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"	-	Safe
Redhat Search vendor "Redhat"	Single Sign-on Search vendor "Redhat" for product "Single Sign-on"	7.6 Search vendor "Redhat" for product "Single Sign-on" and version "7.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Single Sign-on Search vendor "Redhat" for product "Single Sign-on"	7.6 Search vendor "Redhat" for product "Single Sign-on" and version "7.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	7.4 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.4"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	7.4 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.4"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	7.4 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.4"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"	-	Safe
Redhat Search vendor "Redhat"		Undertow Search vendor "Redhat" for product "Undertow"				< 2.2.24 Search vendor "Redhat" for product "Undertow" and version " < 2.2.24"		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Text-only Advisories Search vendor "Redhat" for product "Jboss Enterprise Application Platform Text-only Advisories"				-		-		Affected
Redhat Search vendor "Redhat"		Single Sign-on Search vendor "Redhat" for product "Single Sign-on"				-		text-only		Affected