Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2021-42340

UNKNOWN

Published 2021-10-14T19:55:14

Actions:

No CVSS data available

Description

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Tomcat

Affected Versions:

Apache Tomcat 10 10.0.0-M10 to 10.0.11 Apache Tomcat 10 10.1.0-M1 to 10.1.0-M5 Apache Tomcat 9 9.0.40 to 9.0.53 Apache Tomcat 8 8.5.60 to 8.5.71

References

https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E

https://www.debian.org/security/2021/dsa-5009

https://www.oracle.com/security-alerts/cpujan2022.html

https://security.netapp.com/advisory/ntap-20211104-0001/

https://kc.mcafee.com/corporate/index?page=content&id=SB10379

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujul2022.html

https://security.gentoo.org/glsa/202208-34

Published: 2021-10-14T19:55:14

Last Modified: 2024-08-04T03:30:38.354Z

Copied to clipboard!