Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html | Exploit Third Party Advisory VDB Entry |
https://akka.io/blog/ | Vendor Advisory |
https://akka.io/blog/news/2021/11/02/akka-http-10.2.7-released | Release Notes Vendor Advisory |
https://akka.io/blog/news/2021/11/22/akka-http-10.1.15-released | Release Notes Vendor Advisory |
https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html | Vendor Advisory |
History
21 Nov 2024, 06:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://akka.io/blog/ - Vendor Advisory | |
References | () https://akka.io/blog/news/2021/11/02/akka-http-10.2.7-released - Release Notes, Vendor Advisory | |
References | () https://akka.io/blog/news/2021/11/22/akka-http-10.1.15-released - Release Notes, Vendor Advisory | |
References | () https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html - Vendor Advisory |
13 Jun 2022, 15:41
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html - Exploit, Third Party Advisory, VDB Entry |
03 Jun 2022, 17:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html - Exploit, Third Party Advisory | |
References | (MISC) https://akka.io/blog/news/2021/11/22/akka-http-10.1.15-released - Release Notes, Vendor Advisory | |
CWE |
11 May 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2022, 16:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-674 |
15 Apr 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. | |
References |
|
04 Nov 2021, 14:51
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 5.0, v3 : 7.5 |
References | (MISC) https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html - Vendor Advisory | |
References | (MISC) https://akka.io/blog/news/2021/11/02/akka-http-10.2.7-released - Release Notes, Vendor Advisory | |
References | (MISC) https://akka.io/blog/ - Vendor Advisory | |
CWE | CWE-787 | |
CPE | cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:* |
02 Nov 2021, 23:13
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-02 22:15
Updated : 2024-11-21 06:27
NVD link : CVE-2021-42697
Mitre link : CVE-2021-42697
CVE.ORG link : CVE-2021-42697
Products Affected
akka
- http_server
CWE
CWE-674
Uncontrolled Recursion