6.5

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://mvnrepository.com/artifact/io.vertx
Package vertx-core
Default Statusunaffected
Version 4.4.5
Status affected
Version 4.4.6
Status affected
Version 4.5.0
Status affected
Version 4.5.1
Status affected
VendorRed Hat
Product CEQ 3.2
Default Statusunaffected
VendorRed Hat
Product Cryostat 2 on RHEL 8
Default Statusaffected
Version < *
Version 2.4.0-7
Status unaffected
VendorRed Hat
Product Cryostat 2 on RHEL 8
Default Statusaffected
Version < *
Version 2.4.0-4
Status unaffected
VendorRed Hat
Product Cryostat 2 on RHEL 8
Default Statusaffected
Version < *
Version 2.4.0-4
Status unaffected
VendorRed Hat
Product Cryostat 2 on RHEL 8
Default Statusaffected
Version < *
Version 2.4.0-4
Status unaffected
VendorRed Hat
Product Cryostat 2 on RHEL 8
Default Statusaffected
Version < *
Version 2.4.0-9
Status unaffected
VendorRed Hat
Product Cryostat 2 on RHEL 8
Default Statusaffected
Version < *
Version 2.4.0-4
Status unaffected
VendorRed Hat
Product MTA-6.2-RHEL-9
Default Statusaffected
Version < *
Version 6.2.3-2
Status unaffected
VendorRed Hat
Product Red Hat AMQ Streams 2.7.0
Default Statusunaffected
VendorRed Hat
Product Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2
Default Statusunaffected
VendorRed Hat
Product Red Hat build of Quarkus 3.2.11.Final
Default Statusaffected
Version < *
Version 4.4.8.redhat-00001
Status unaffected
VendorRed Hat
Product RHINT Service Registry 2.5.11 GA
Default Statusunaffected
VendorRed Hat
Product A-MQ Clients 2
Default Statusunaffected
VendorRed Hat
Product Migration Toolkit for Runtimes
Default Statusaffected
VendorRed Hat
Product OpenShift Serverless
Default Statusunaffected
VendorRed Hat
Product Red Hat AMQ Broker 7
Default Statusunaffected
VendorRed Hat
Product Red Hat build of Apache Camel for Spring Boot 3
Default Statusaffected
VendorRed Hat
Product Red Hat Build of Keycloak
Default Statusaffected
VendorRed Hat
Product Red Hat build of OptaPlanner 8
Default Statusaffected
VendorRed Hat
Product Red Hat build of Quarkus
Default Statusunaffected
VendorRed Hat
Product Red Hat Data Grid 8
Default Statusaffected
VendorRed Hat
Product Red Hat Fuse 7
Default Statusunaffected
VendorRed Hat
Product Red Hat Integration Camel K 1
Default Statusaffected
VendorRed Hat
Product Red Hat Integration Camel Quarkus 2
Default Statusaffected
VendorRed Hat
Product Red Hat JBoss Data Grid 7
Default Statusaffected
VendorRed Hat
Product Red Hat JBoss Enterprise Application Platform 7
Default Statusunaffected
VendorRed Hat
Product Red Hat JBoss Enterprise Application Platform 8
Default Statusunaffected
VendorRed Hat
Product Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Statusunaffected
VendorRed Hat
Product Red Hat Process Automation 7
Default Statusunaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.23% 0.455
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.