Memory Leak Vulnerability in Eclipse Vert.x Toolkit
CVE-2024-1023

6.5MEDIUM

Key Information:

Vendor
Red Hat
Status
Ceq 3.2
Cryostat 2 On Rhel 8
Mta-6.2-rhel-9
Red Hat AMQ Streams 2.7.0
Vendor
CVE Published:
27 March 2024

Summary

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

References

https://access.redhat.com/errata/RHSA-2024:1662
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1706
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2088
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.