CVE-2023-3223

A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError when handling large multipart content, which may allow unauthorized remote users to mount a denial of service (DoS) attack. If the server relies on fileSizeThreshold to limit the file size, that limit can be bypassed by setting the file name in the request to null. Fixed builds are listed in the Red Hat advisories referenced below.
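The practical lesson of the description is that fileSizeThreshold is not a size limit: in the Servlet API it is only the point at which a part is spilled from memory to disk, while maxFileSize and maxRequestSize default to -1 (unlimited). The following is an added example, not code from this page, from Undertow or from Red Hat: a weakly configured upload servlet next to a hardened one, written against javax.servlet (Servlet 4.0, as shipped with EAP 7.4). Servlet names, URL patterns, and the limit values are assumptions. It does not reproduce the null-filename bypass, and the page does not state which limits the bypass defeats, so the hardened configuration is hygiene to apply alongside the vendor fix, not a substitute for it.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;

/*
 * Weak configuration (hypothetical, for illustration). fileSizeThreshold only
 * decides when a part is written to disk instead of held in memory. maxFileSize
 * and maxRequestSize keep the Servlet API default of -1 (unlimited), so the
 * container has no upper bound on how much multipart data it will accept.
 */
@WebServlet("/upload-weak")
@MultipartConfig(fileSizeThreshold = 1024 * 1024) // 1 MiB spill point, NOT a cap
class WeakUploadServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // The container has already parsed every part before this loop runs.
        for (Part part : req.getParts()) {
            resp.getWriter().println(part.getName() + " " + part.getSize());
        }
    }
}

/*
 * Hardened configuration. maxFileSize bounds each part and maxRequestSize
 * bounds the whole body; the container enforces both during parsing and
 * signals a violation from getParts() with IllegalStateException.
 * The limit values are example numbers, not recommendations.
 */
@WebServlet("/upload")
@MultipartConfig(
        fileSizeThreshold = 1024 * 1024,      // spill to disk above 1 MiB
        maxFileSize = 10L * 1024 * 1024,      // no single part above 10 MiB
        maxRequestSize = 12L * 1024 * 1024)   // no request above 12 MiB
public class HardenedUploadServlet extends HttpServlet {
    private static final long REQUEST_CAP = 12L * 1024 * 1024;  // same as maxRequestSize
    private static final long FIELD_CAP = 64 * 1024;            // policy for non-file parts

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Cheap pre-check: refuse a declared body above the request cap before any
        // multipart parsing. Chunked bodies report -1 and fall through to the
        // container's maxRequestSize enforcement below.
        if (req.getContentLengthLong() > REQUEST_CAP) {
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        try {
            for (Part part : req.getParts()) {
                // Parts without a filename are plain form fields. This check runs
                // after parsing, so it is an application size policy; the memory
                // bound itself comes from maxRequestSize/maxFileSize above.
                if (part.getSubmittedFileName() == null && part.getSize() > FIELD_CAP) {
                    resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE,
                            "form field too large: " + part.getName());
                    return;
                }
            }
            resp.setStatus(HttpServletResponse.SC_OK);
        } catch (IllegalStateException tooLarge) {
            // Thrown by the container when maxFileSize or maxRequestSize is exceeded.
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
        }
    }
}
```

On EAP and WildFly the undertow subsystem also offers a listener-level cap, max-post-size on the http-listener, which bounds the request body before any servlet annotation is consulted; setting it is a sensible defense-in-depth step, but the page gives no guidance on it and it is independent of the fix shipped in the advisories.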
Configurations

Configuration 1

cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*

Configuration 2

AND
  OR
    cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3

OR
  cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*

Configuration 4

AND
  cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
  OR
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 5

AND
  cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
  OR
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

03 May 2024, 16:15

Type         Values Removed    Values Added
References                     https://access.redhat.com/errata/RHSA-2023:7247 -

27 Oct 2023, 15:15

Type         Values Removed    Values Added
References                     (MISC) https://security.netapp.com/advisory/ntap-20231027-0004/ -

28 Sep 2023, 17:43

Type         Values Removed                Values Added
CVSS         v2 : unknown                  v2 : unknown
             v3 : unknown                  v3 : 7.5
CWE                                        NVD-CWE-noinfo
First Time                                 Redhat openshift Container Platform
                                           Redhat jboss Enterprise Application Platform
                                           Redhat jboss Enterprise Application Platform Text-only Advisories
                                           Redhat
                                           Redhat single Sign-on
                                           Redhat undertow
                                           Redhat openshift Container Platform For Ibm Linuxone
                                           Redhat enterprise Linux
                                           Redhat openshift Container Platform For Power
CPE                                        cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:*
                                           cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
                                           cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.9:*:*:*:*:*:*:*
                                           cpe:2.3:a:redhat:openshift_container_platform_for_ibm_linuxone:4.10:*:*:*:*:*:*:*
                                           cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
                                           cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
                                           cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
                                           cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
                                           cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
                                           cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
                                           cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*
                                           cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*
                                           cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
                                           cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
References   (MISC) https://access.redhat.com/errata/RHSA-2023:4918 -
                                           (MISC) https://access.redhat.com/errata/RHSA-2023:4918 - Vendor Advisory
References   (MISC) https://access.redhat.com/errata/RHSA-2023:4505 -
                                           (MISC) https://access.redhat.com/errata/RHSA-2023:4505 - Vendor Advisory
References   (MISC) https://access.redhat.com/security/cve/CVE-2023-3223 -
                                           (MISC) https://access.redhat.com/security/cve/CVE-2023-3223 - Vendor Advisory
References   (MISC) https://access.redhat.com/errata/RHSA-2023:4919 -
                                           (MISC) https://access.redhat.com/errata/RHSA-2023:4919 - Vendor Advisory
References   (MISC) https://access.redhat.com/errata/RHSA-2023:4507 -
                                           (MISC) https://access.redhat.com/errata/RHSA-2023:4507 - Vendor Advisory
References   (MISC) https://access.redhat.com/errata/RHSA-2023:4509 -
                                           (MISC) https://access.redhat.com/errata/RHSA-2023:4509 - Vendor Advisory
References   (MISC) https://access.redhat.com/errata/RHSA-2023:4506 -
                                           (MISC) https://access.redhat.com/errata/RHSA-2023:4506 - Vendor Advisory
References   (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2209689 -
                                           (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2209689 - Issue Tracking, Vendor Advisory
References   (MISC) https://access.redhat.com/errata/RHSA-2023:4921 -
                                           (MISC) https://access.redhat.com/errata/RHSA-2023:4921 - Vendor Advisory
References   (MISC) https://access.redhat.com/errata/RHSA-2023:4920 -
                                           (MISC) https://access.redhat.com/errata/RHSA-2023:4920 - Vendor Advisory
References   (MISC) https://access.redhat.com/errata/RHSA-2023:4924 -
                                           (MISC) https://access.redhat.com/errata/RHSA-2023:4924 - Vendor Advisory

27 Sep 2023, 15:18

Type         Values Removed    Values Added
New CVE

Information

Published : 2023-09-27 15:18

Updated : 2024-05-03 16:15


NVD link : CVE-2023-3223

Mitre link : CVE-2023-3223

CVE.ORG link : CVE-2023-3223



Products Affected

redhat

  • enterprise_linux
  • openshift_container_platform_for_power
  • openshift_container_platform
  • openshift_container_platform_for_ibm_linuxone
  • jboss_enterprise_application_platform
  • jboss_enterprise_application_platform_text-only_advisories
  • single_sign-on
  • undertow
CWE

NVD-CWE-noinfo
CWE-789 Memory Allocation with Excessive Size Value