What is CVE-2021-42697?

CVE-2021-42697 is a vulnerability in N/a. Published 2021-11-02.

Is CVE-2021-42697 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comm…

EPSS: 0.755 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

akka.io/blog/ (x_refsource_MISC)
doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-… (x_refsource_MISC)
akka.io/blog/news/2021/11/02/akka-http-10.2.7-released (x_refsource_MISC)
akka.io/blog/news/2021/11/22/akka-http-10.1.15-released (x_refsource_MISC)
packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-42697?: CVE-2021-42697 is a vulnerability in N/a. Published 2021-11-02.
Is CVE-2021-42697 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.