Publish GHSA-3p2h-wqq4-wf4h

advisory-database[bot] · advisory-database[bot] · commit 8052189f5ea6 · 2025-08-08T18:54:19.000Z
diff --git a/advisories/github-reviewed/2025/04/GHSA-3p2h-wqq4-wf4h/GHSA-3p2h-wqq4-wf4h.json b/advisories/github-reviewed/2025/04/GHSA-3p2h-wqq4-wf4h/GHSA-3p2h-wqq4-wf4h.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3p2h-wqq4-wf4h",
-  "modified": "2025-05-14T21:05:43Z",
+  "modified": "2025-08-08T18:52:38Z",
   "published": "2025-04-28T21:30:43Z",
   "aliases": [
     "CVE-2025-31650"
   ],
   "summary": "Apache Tomcat Denial of Service via invalid HTTP priority header",
-  "details": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
+  "details": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100.\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
   "severity": [
     {
       "type": "CVSS_V4",
@@ -134,6 +134,44 @@
           ]
         }
       ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.apache.tomcat:tomcat-coyote"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "8.5.0"
+            },
+            {
+              "last_affected": "8.5.100"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.apache.tomcat.embed:tomcat-embed-core"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "8.5.0"
+            },
+            {
+              "last_affected": "8.5.100"
+            }
+          ]
+        }
+      ]
     }
   ],
   "references": [
