CVE-2024-1023

Published: 26 Jan 2024
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the memory leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| A-MQ Clients 2 | vert.x | Not affected | | |
| Migration Toolkit for Runtimes | vert.x | Affected | | |
| OpenShift Serverless | vert.x | Not affected | | |
| Red Hat AMQ Broker 7 | vert.x | Not affected | | |
| Red Hat build of Apache Camel for Spring Boot 3 | vert.x | Will not fix | | |
| Red Hat Build of Keycloak | vert.x | Affected | | |
| Red Hat build of OptaPlanner 8 | vert.x | Will not fix | | |
| Red Hat build of Quarkus | io.vertx/vertx-core | Not affected | | |
| Red Hat Data Grid 8 | vert.x | Affected | | |
| Red Hat Fuse 7 | vert.x | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-401
https://bugzilla.redhat.com/show_bug.cgi?id=2260840
io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx

EPSS

Percentile: 45%
0.00227
Low

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
nvd
almost 2 years ago

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the memory leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

CVSS3: 6.5
github
almost 2 years ago

Eclipse Vert.x memory leak
