Description
A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.
Report
This vulnerability allows a remote attacker to cause an out-of-memory issue when calling the metrics URI, resulting in a denial of service. As this flaw can be triggered via the network, it has been rated with an important severity.
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat build of Apicurio Registry 2 | io.smallrye/smallrye-fault-tolerance-core | Affected | ||
| Red Hat build of Apicurio Registry 3 | io.smallrye/smallrye-fault-tolerance-core | Affected | ||
| Red Hat build of Quarkus | io.smallrye/smallrye-fault-tolerance-apiimpl | Not affected | ||
| Red Hat Fuse 7 | io.smallrye/smallrye-fault-tolerance-core | Out of support scope | ||
| Red Hat Integration Camel K 1 | io.smallrye/smallrye-fault-tolerance-core | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 7 | smallrye-fault-tolerance-core | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 8 | smallrye-fault-tolerance-core | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | smallrye-fault-tolerance-core | Not affected | ||
| Red Hat build of Apache Camel 4.8.5 for Spring Boot | io.smallrye/smallrye-fault-tolerance-core | Fixed | RHSA-2025:3543 | 02.04.2025 |
| Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 | com.redhat.quarkus.platform/quarkus-camel-bom | Fixed | RHSA-2025:3541 | 02.04.2025 |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
SmallRye Fault Tolerance out-of-memory (OOM) issue
7.5 High
CVSS3