7.5
CVE-2025-2240
- EPSS 0.34%
- Published 12.03.2025 14:55:15
- Last modified 15.04.2026 00:35:42
- Source secalert@redhat.com
Smallrye-fault-tolerance: smallrye fault tolerance
A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.
Data is provided by the CVE Program via a CVE Numbering Authority (CNA) (unstructured).
Collection URL: https://github.com/smallrye/smallrye-fault-tolerance
Package: smallrye-fault-tolerance-core (default status: unaffected)
| Version | Version < | Status |
|---|---|---|
| 6.3.0 | 6.4.2 | affected |
| 6.5.0 | 6.9.0 | affected |
| Vendor | Product | Default Status |
|---|---|---|
| Red Hat | Red Hat build of Apache Camel 4.8.5 for Spring Boot | unaffected |
| Red Hat | Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 | unaffected |
| Red Hat | Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 | unaffected |
| Red Hat | Red Hat build of Quarkus 3.15.4 | unaffected |
| Red Hat | Red Hat build of Apicurio Registry 2 | affected |
| Red Hat | Red Hat build of Apicurio Registry 3 | affected |
| Red Hat | Red Hat build of Quarkus | unaffected |
| Red Hat | Red Hat build of Quarkus | unaffected |
| Red Hat | Red Hat Fuse 7 | unknown |
| Red Hat | Red Hat Integration Camel K 1 | affected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | affected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | unaffected |
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.569 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-1325 Improperly Controlled Sequential Memory Allocation
The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.