Home

CVE-2021-42697

Description

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
75.541

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-42697 are fixed in Typesafe - akka-http 10.2.7Windows
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.13 10.1.15Windows
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.13 10.2.7Windows
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.12 10.1.15Windows
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.12 10.2.7Windows
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.11 10.1.15Windows
Vulnerabilities CVE-2021-42697 are affected in Typesafe - akka-http-core_2.13.0-RC2 10.1.14Windows
Vulnerabilities CVE-2021-42697 are affected in Typesafe - akka-http-core_2.13.0-RC3 10.1.14Windows
Vulnerabilities CVE-2021-42697 are fixed in Typesafe - akka-http for Linux 10.2.7Linux
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.13 for Linux 10.1.15Linux
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.13 for Linux 10.2.7Linux
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.12 for Linux 10.1.15Linux
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.12 for Linux 10.2.7Linux
Vulnerabilities CVE-2021-42697 are fixed in Typesafe-akka-http-core_2.11 for Linux 10.1.15Linux
Vulnerabilities CVE-2021-42697 are affected in Typesafe - akka-http-core_2.13.0-RC2 for Linux 10.1.14Linux
Vulnerabilities CVE-2021-42697 are affected in Typesafe - akka-http-core_2.13.0-RC3 for Linux 10.1.14Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234