Apache CXF Memory Leak Vulnerability
CVE-2024-41172
7.5 HIGH
What is CVE-2024-41172?
A vulnerability in the Apache CXF HTTP client conduit can lead to increased memory usage, as instances of HTTPClient may not be eligible for garbage collection in versions prior to 3.6.4 and 4.0.5. This improper memory management can result in applications experiencing significant memory consumption over time, which may ultimately exhaust available memory resources, leading to performance degradation or application crashes.
Affected Version(s)
Apache CXF 3.6.0 < 3.6.4
Apache CXF 4.0.0 < 4.0.5
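To check whether a build pulls in an affected release, the following added example (not part of the original advisory or of Apache CXF) scans `mvn dependency:tree` output for `org.apache.cxf` artifacts and reports those inside the ranges listed under Affected Version(s). It assumes the range bounds are exactly those listed (first affected up to, but not including, the fixed release), ignores version qualifiers such as `-SNAPSHOT`, and uses a constructed sample tree.

```python
import re

# Ranges from "Affected Version(s)": (first affected, first fixed), upper bound exclusive.
AFFECTED_RANGES = [((3, 6, 0), (3, 6, 4)), ((4, 0, 0), (4, 0, 5))]

# Maven coordinate as printed by dependency:tree, e.g. group:artifact:type[:classifier]:version:scope
COORD = re.compile(r"org\.apache\.cxf:\S+")

def parse_version(text):
    """Return (major, minor, patch) from the numeric prefix of a version, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def fixed_version(version):
    """Return the fixed release for an affected version, or None if not affected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if v is not None and lo <= v < hi:
            return ".".join(map(str, hi))
    return None

def scan_dependency_tree(text):
    """Return (artifact, version, fixed_in) for each affected CXF artifact in the tree."""
    findings = []
    for line in text.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group(0).split(":")
        if len(parts) < 5:  # not a full coordinate
            continue
        # Version is second to last whether or not a classifier is present.
        artifact, version = parts[1], parts[-2]
        fix = fixed_version(version)
        if fix:
            findings.append((artifact, version, fix))
    return findings

# Constructed sample output; project name and versions are illustrative only.
SAMPLE_TREE = """\
[INFO] com.example:billing-service:jar:1.0.0
[INFO] +- org.apache.cxf:cxf-rt-transports-http:jar:3.6.2:compile
[INFO] |  \\- org.apache.cxf:cxf-core:jar:3.6.2:compile
[INFO] +- org.apache.cxf:cxf-rt-frontend-jaxws:jar:4.0.5:compile
[INFO] +- org.apache.cxf:cxf-rt-rs-client:jar:3.5.9:compile
[INFO] \\- org.apache.cxf:cxf-rt-ws-security:jar:tests:4.0.0:test
"""

if __name__ == "__main__":
    for artifact, version, fix in scan_dependency_tree(SAMPLE_TREE):
        print(f"{artifact} {version} is in an affected range; upgrade to {fix} or later")
```

Transitive dependencies matter here: a project that never declares CXF directly can still resolve an affected version through another library, which is why the scan reads the resolved tree rather than the `pom.xml`.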