CVE-2024-1023

EPSS 0.23%
Veröffentlicht 27.03.2024 08:15:38
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

CNA 30 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://mvnrepository.com/artifact/io.vertx

≫

Paket vertx-core

Default Statusunaffected

Version 4.4.5

Status affected

Version 4.4.6

Status affected

Version 4.5.0

Status affected

Version 4.5.1

Status affected

HerstellerRed Hat

≫

Produkt CEQ 3.2

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Cryostat 2 on RHEL 8

Default Statusaffected

Version 2.4.0-7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Cryostat 2 on RHEL 8

Default Statusaffected

Version 2.4.0-4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Cryostat 2 on RHEL 8

Default Statusaffected

Version 2.4.0-4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Cryostat 2 on RHEL 8

Default Statusaffected

Version 2.4.0-4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Cryostat 2 on RHEL 8

Default Statusaffected

Version 2.4.0-9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Cryostat 2 on RHEL 8

Default Statusaffected

Version 2.4.0-4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt MTA-6.2-RHEL-9

Default Statusaffected

Version 6.2.3-2

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat AMQ Streams 2.7.0

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Quarkus 3.2.11.Final

Default Statusaffected

Version 4.4.8.redhat-00001

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt RHINT Service Registry 2.5.11 GA

Default Statusunaffected

HerstellerRed Hat

≫

Produkt A-MQ Clients 2

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Migration Toolkit for Runtimes

Default Statusaffected

HerstellerRed Hat

≫

Produkt OpenShift Serverless

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat AMQ Broker 7

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Apache Camel for Spring Boot 3

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Build of Keycloak

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat build of OptaPlanner 8

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Quarkus

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Data Grid 8

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Fuse 7

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Integration Camel K 1

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Integration Camel Quarkus 2

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Data Grid 7

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Process Automation 7

Default Statusunaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.453

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://access.redhat.com/errata/RHSA-2024:1662

https://access.redhat.com/errata/RHSA-2024:1706

https://access.redhat.com/errata/RHSA-2024:2088

https://access.redhat.com/errata/RHSA-2024:2833

https://access.redhat.com/errata/RHSA-2024:3527

https://access.redhat.com/errata/RHSA-2024:3989

https://access.redhat.com/errata/RHSA-2024:4884

https://access.redhat.com/security/cve/CVE-2024-1023

https://bugzilla.redhat.com/show_bug.cgi?id=2260840

https://github.com/eclipse-vertx/vert.x/issues/5078

https://github.com/eclipse-vertx/vert.x/pull/5080

https://github.com/eclipse-vertx/vert.x/pull/5082

https://nvd.nist.gov/vuln/detail/CVE-2024-1023

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1023

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1023

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-1023