Main Vulnerability Database Vulnerabilities #VU20069

Memory leak in Undertow - CVE-2018-1114

Published: August 13, 2019

Vulnerability identifier: #VU20069

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-1114

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
Undertow

Detailed vulnerability description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in URLResource.getLastModified() function in Undertow due to the method closes file descriptors only when they are finalized. A remote attacker can initiate opening of numerous URLs and exhaust all file descriptors, leading to a denial of service (DoS) attack.

How to mitigate CVE-2018-1114

Install updates from vendor's website.

Sources

https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2019:0877
https://bugs.openjdk.java.net/browse/JDK-6956385
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
https://issues.jboss.org/browse/UNDERTOW-1338

Memory leak in Undertow - CVE-2018-1114

Detailed vulnerability description

How to mitigate CVE-2018-1114

Sources

Please verify you're human