Vulnerability details: VCID-5y4u-f2nk-aaac
Vulnerability ID: VCID-5y4u-f2nk-aaac
Aliases: CVE-2021-3690, GHSA-fj7c-vg2v-ccrm, GMS-2022-2964
Summary: A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
Status: Published
Exploitability: 0.5
Weighted Severity: 9.0
Risk: 4.5
Weaknesses (4)
| System | Score | Found at |
|---|---|---|
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3216 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3217 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3218 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3219 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3425 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3466 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3467 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3468 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3471 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3516 |
| rhas | Moderate | https://access.redhat.com/errata/RHSA-2021:3534 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3656 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3658 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2021:3660 |
| rhas | Moderate | https://access.redhat.com/errata/RHSA-2021:4767 |
| rhas | Critical | https://access.redhat.com/errata/RHSA-2021:5134 |
| rhas | Important | https://access.redhat.com/errata/RHSA-2022:1029 |
| cvssv3 | 7.5 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json |
| epss | 0.00125 | https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
| epss | 0.00150 | https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
| epss | 0.00184 | https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
| epss | 0.00522 | https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
| epss | 0.00557 | https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
| epss | 0.00634 | https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
| epss | 0.01405 | https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
| cvssv3.1 | 7.5 | https://bugzilla.redhat.com/show_bug.cgi?id=1991299 |
| generic_textual | HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=1991299 |
| cvssv3.1_qr | HIGH | https://github.com/advisories/GHSA-fj7c-vg2v-ccrm |
| cvssv3.1 | 7.5 | https://github.com/undertow-io/undertow |
| generic_textual | HIGH | https://github.com/undertow-io/undertow |
| cvssv3.1 | 7.5 | https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877 |
| generic_textual | HIGH | https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877 |
| cvssv3.1 | 7.5 | https://issues.redhat.com/browse/UNDERTOW-1935 |
| generic_textual | HIGH | https://issues.redhat.com/browse/UNDERTOW-1935 |
| cvssv3 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3690 |
| cvssv3.1 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3690 |
| Reference id | Reference type | URL |
|---|---|---|
| | | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json |
| | | https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
| | | https://bugzilla.redhat.com/show_bug.cgi?id=1991299 |
| | | https://github.com/undertow-io/undertow |
| | | https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877 |
| | | https://issues.redhat.com/browse/UNDERTOW-1935 |
| cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:* | | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:* |
| cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* | | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* |
| cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* | | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:* | | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:* |
| cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:* | | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:* |
| cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* | | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* |
| cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* | | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:* |
| CVE-2021-3690 | | https://access.redhat.com/security/cve/CVE-2021-3690 |
| CVE-2021-3690 | | https://nvd.nist.gov/vuln/detail/CVE-2021-3690 |
| CVE-2021-3690 | | https://www.mend.io/vulnerability-database/CVE-2021-3690 |
| CVE-2021-3690#CVE-CVSS-V3 | | https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3 |
| GHSA-fj7c-vg2v-ccrm | | https://github.com/advisories/GHSA-fj7c-vg2v-ccrm |
| RHSA-2021:3216 | | https://access.redhat.com/errata/RHSA-2021:3216 |
| RHSA-2021:3217 | | https://access.redhat.com/errata/RHSA-2021:3217 |
| RHSA-2021:3218 | | https://access.redhat.com/errata/RHSA-2021:3218 |
| RHSA-2021:3219 | | https://access.redhat.com/errata/RHSA-2021:3219 |
| RHSA-2021:3425 | | https://access.redhat.com/errata/RHSA-2021:3425 |
| RHSA-2021:3466 | | https://access.redhat.com/errata/RHSA-2021:3466 |
| RHSA-2021:3467 | | https://access.redhat.com/errata/RHSA-2021:3467 |
| RHSA-2021:3468 | | https://access.redhat.com/errata/RHSA-2021:3468 |
| RHSA-2021:3471 | | https://access.redhat.com/errata/RHSA-2021:3471 |
| RHSA-2021:3516 | | https://access.redhat.com/errata/RHSA-2021:3516 |
| RHSA-2021:3534 | | https://access.redhat.com/errata/RHSA-2021:3534 |
| RHSA-2021:3656 | | https://access.redhat.com/errata/RHSA-2021:3656 |
| RHSA-2021:3658 | | https://access.redhat.com/errata/RHSA-2021:3658 |
| RHSA-2021:3660 | | https://access.redhat.com/errata/RHSA-2021:3660 |
| RHSA-2021:4767 | | https://access.redhat.com/errata/RHSA-2021:4767 |
| RHSA-2021:5134 | | https://access.redhat.com/errata/RHSA-2021:5134 |
| RHSA-2022:1029 | | https://access.redhat.com/errata/RHSA-2022:1029 |
| RHSA-2025:4226 | | https://access.redhat.com/errata/RHSA-2025:4226 |
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1991299
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://issues.redhat.com/browse/UNDERTOW-1935
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3690
Exploit Prediction Scoring System (EPSS)
Percentile: 0.47985
EPSS Score: 0.00125
Published At: Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.