#VU59089 Infinite loop in cflinuxfs3


Published: 2021-12-22

Vulnerability identifier: #VU59089

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3737

CWE-ID: CWE-835

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cflinuxfs3
Other software / Other software solutions

Vendor: Cloud Foundry Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote attacker who controls a malicious server can force the client to enter an infinite loop on a 100 Continue response.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

cflinuxfs3: 0.200.0 - 0.270.0

External links
http://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.271.0

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Enterprise SONiC
Multiple vulnerabilities in IBM QRadar Suite software
Multiple vulnerabilities in Netcool Operations Insight
Multiple vulnerabilities in Dell Unity, Dell UnityVSA, and Dell Unity XT
Multiple vulnerabilities in IBM QRadar SIEM
Multiple vulnerabilities in IBM Spectrum Protect Plus
Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)
Multiple vulnerabilities in Oracle Database Server
Multiple vulnerabilities in IBM Cognos Analytics
Multiple vulnerabilities in OpenShift Virtualization