{"id":"CVE-2023-1973","details":"A flaw was found in the Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests that exhaust the server's memory, leading to an OutOfMemory error.","aliases":["GHSA-97cq-f4jm-mv8h"],"modified":"2025-01-09T04:51:03.244248Z","published":"2024-11-07T10:15:05Z","withdrawn":"2025-05-22T18:51:40.326225Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1674"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1675"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1676"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1677"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2763"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2764"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185662"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2023-1973"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2023-1973"}],"affected":[{"package":{"name":"undertow","ecosystem":"Debian:13","purl":"pkg:deb/debian/undertow?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.18-1"}]}],"versions":["1.3.11-1","1.3.16-1","1.3.19-1","1.3.21-1","1.3.23-1","1.3.4-1","1.3.5-1","1.3.7-1","1.4.0-1","1.4.1-1","1.4.18-1","1.4.20-1","1.4.21-1","1.4.21-2","1.4.22-1","1.4.23-1","1.4.23-2","1.4.23-3","1.4.25-1","1.4.25-2","1.4.3-1","1.4.4-1","1.4.6-1","1.4.7-1","1.4.8-1","2.0.23-1","2.0.25-1","2.0.26-1","2.0.27-1","2.0.28-1","2.0.29-1","2.0.30-1","2.1.0-1","2.1.1-1","2.1.3-1","2.2.0-1","2.2.10-1","2.2.12-1","2.2.13-1","2.2.14-1","2.2.16-1","2.2.17-1","2.2.18-1","2.2.19-1","2.2.2-1","2.2.20-1","2.2.21-1","2.2.3-1","2.2.4-1","2.2.5-1","2.2.8-1","2.3.8-1","2.3.8-2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1973.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}