Undertow Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability - CVE-2017-2670 - Vulnerability Database

Undertow Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability - CVE-2017-2670

High

Reference: CVE-2017-2670

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-2670

Title: Undertow Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability

Overview:

It was found in Undertow before 1.3.28 that with non-clean TCP close the Websocket server gets into infinite loop on every IO thread effectively causing DoS.