CVE-2021-42340

Source
Severity High
Remote Yes
Type Denial of service
Description
A security issue has been found in Apache Tomcat before versions 10.0.12, 9.0.54 and 8.5.72. The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
Group     Package   Affected   Fixed      Severity  Status  Ticket
AVG-2471  tomcat8   8.5.71-1   8.5.72-1   High      Fixed
AVG-2470  tomcat9   9.0.53-1   9.0.54-1   High      Fixed
AVG-2469  tomcat10  10.0.11-1  10.0.12-1  High      Fixed
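A way to check installed packages against the fixed versions in the table above, as an added example that is not part of the tracker entry. The function names are hypothetical, the sample input is constructed, and the comparison assumes GNU `sort -V` and package versions without an epoch prefix.

```shell
#!/bin/sh
# Added example: flag tomcat packages older than the fixed versions
# listed for CVE-2021-42340. Function names are hypothetical.

# Fixed package version per package name, taken from the table above.
fixed_version() {
    case "$1" in
        tomcat8)  echo "8.5.72-1" ;;
        tomcat9)  echo "9.0.54-1" ;;
        tomcat10) echo "10.0.12-1" ;;
        *) return 1 ;;
    esac
}

# ver_lt A B: succeeds when A sorts strictly before B under version sort.
# Assumption: plain pkgver-pkgrel strings with no epoch ("1:...").
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_pkg NAME VERSION: prints "affected", "fixed" or "untracked".
check_pkg() {
    fixed=$(fixed_version "$1") || { echo "untracked"; return 0; }
    if ver_lt "$2" "$fixed"; then echo "affected"; else echo "fixed"; fi
}

# scan: reads "name version" lines on stdin (the format `pacman -Q` prints)
# and appends the verdict to each line.
scan() {
    while read -r name ver; do
        [ -n "$name" ] || continue
        printf '%s %s %s\n' "$name" "$ver" "$(check_pkg "$name" "$ver")"
    done
}

# Constructed sample input in `pacman -Q` format (not from a real host).
sample='tomcat8 8.5.71-1
tomcat9 9.0.54-1
tomcat10 10.0.9-1
nginx 1.20.1-1'
printf '%s\n' "$sample" | scan
```

On an Arch system the same check runs against real data with `pacman -Q | scan`.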
References
https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E
https://bz.apache.org/bugzilla/show_bug.cgi?id=63362