CVE-2021-42340
Published: Oct 14, 2021
Modified: Aug 4, 2024
Description
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Tomcat | Affected: Apache Tomcat 10 10.0.0-M10 to 10.0.11; Apache Tomcat 10 10.1.0-M1 to 10.1.0-M5; Apache Tomcat 9 9.0.40 to 9.0.53; Apache Tomcat 8 8.5.60 to 8.5.71 |