Akka HTTP < 10.2.7 DoS Vulnerability CVE-2018-16131
- CVSSv3 Score
- Vulnerability description
Akka HTTP is prone to a denial of service (DoS) vulnerability.
- Risk description
The HTTP specification allows arbitrary nesting of comment elements in User-Agent and other headers. While parsing a request containing a User-Agent header with deeply nested comments, Akka HTTP may fail with a stack overflow in the parser. Stack overflows are handled as fatal errors in Akka leading to a complete shutdown of the application. An Akka HTTP application server which is exposed to the internet can be remotely crashed by sending a crafted User-Agent header leading to a loss of availability.
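The failure mode above is a parser that descends one stack frame per nested comment. The following added example (not Akka HTTP's code; the names `parse_user_agent`, `max_comment_depth` and the depth limit `MAX_COMMENT_DEPTH = 8` are assumptions made for this illustration) parses the RFC 7231 User-Agent grammar (`product` tokens and `( ... )` comments with `\` quoted-pairs) iteratively, tracking nesting with a counter instead of recursion, and rejects a header whose comments nest deeper than the limit with a clean error rather than a crash. The second helper is a cheap pre-check that a reverse proxy or WAF could apply before forwarding the header to the application.

```python
"""Bounded parser for the User-Agent header grammar (RFC 7231 section 5.5.3):

    User-Agent = product *( RWS ( product / comment ) )
    comment    = "(" *( ctext / quoted-pair / comment ) ")"

Written as an explicit loop with a nesting counter, so arbitrarily deep
comment nesting costs no stack and is rejected at a configurable depth.
This is illustrative code, not the Akka HTTP implementation.
"""
from dataclasses import dataclass, field

MAX_COMMENT_DEPTH = 8  # assumed limit; real clients nest one or two levels at most


class HeaderParseError(ValueError):
    """Raised for malformed or over-nested header values."""


@dataclass
class UserAgent:
    products: list = field(default_factory=list)  # e.g. "Mozilla/5.0"
    comments: list = field(default_factory=list)  # raw text of each top-level comment


def parse_user_agent(value: str, max_depth: int = MAX_COMMENT_DEPTH) -> UserAgent:
    ua = UserAgent()
    i, n = 0, len(value)
    while i < n:
        c = value[i]
        if c in " \t":  # RWS between elements
            i += 1
        elif c == "(":
            depth, start = 0, i
            while i < n:
                ch = value[i]
                if ch == "\\" and i + 1 < n:  # quoted-pair: the next char is literal
                    i += 2
                    continue
                if ch == "(":
                    depth += 1
                    if depth > max_depth:
                        raise HeaderParseError(f"comment nesting deeper than {max_depth}")
                elif ch == ")":
                    depth -= 1
                    if depth == 0:
                        i += 1
                        break
                i += 1
            else:  # loop ran off the end without closing the comment
                raise HeaderParseError("unterminated comment")
            ua.comments.append(value[start:i])
        elif c == ")":
            raise HeaderParseError("unbalanced ')'")
        else:  # product token: everything up to whitespace or a parenthesis
            start = i
            while i < n and value[i] not in " \t()":
                i += 1
            ua.products.append(value[start:i])
    return ua


def max_comment_depth(value: str) -> int:
    """Deepest comment nesting in a header value, honouring quoted-pairs.

    Cheap enough to run on every request at a proxy; values above the
    limit can be dropped or rewritten before they reach the application.
    """
    depth = deepest = i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\":
            i += 2
            continue
        if ch == "(":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == ")":
            depth = max(0, depth - 1)
        i += 1
    return deepest


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    normal = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)"
    print(parse_user_agent(normal))
    over_nested = "(" * 5000 + ")" * 5000
    print("depth of over-nested value:", max_comment_depth(over_nested))
    try:
        parse_user_agent(over_nested)
    except HeaderParseError as e:
        print("rejected:", e)
```

The parse loop never calls itself, so the worst case for an over-nested header is a single `HeaderParseError` after at most `max_depth` opening parentheses, which a server can turn into a 400 response; the same input against a recursive-descent parser grows the stack once per level.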
Update to version 10.2.7 or later.
- Not available