CVE-2024-1023 io.vertx:vertx-core

Package

Manager: maven
Name: io.vertx:vertx-core
Vulnerable Version: >=4.5.0 <4.5.2 || >=4.4.5 <4.4.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00227 (percentile 0.45337)

Details

Eclipse Vert.x memory leak. A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to its use of Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server that accepts arbitrary internet addresses and connects to them could serve as an attack vector: each new address opens a connection to a different host, thereby accelerating the memory leak. The impact is availability (memory exhaustion), matching the CVSS vectors above.
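As an added example that is not part of the advisory, the following Python script evaluates the "Vulnerable Version" range expression above (the `>=a <b || >=c <d` form used by this record) against the io.vertx:vertx-core version declared in a Maven pom.xml. The pom.xml fragment is constructed for the example; the parser assumes plain numeric dotted versions and flags property-managed versions (`${...}`) as undecidable.

```python
import re
import xml.etree.ElementTree as ET

# Vulnerable range exactly as stated in this advisory's "Vulnerable Version" field
VULNERABLE_RANGE = ">=4.5.0 <4.5.2 || >=4.4.5 <4.4.7"

# Constructed sample pom.xml (not from any real project) declaring a vulnerable version
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>io.vertx</groupId>
      <artifactId>vertx-core</artifactId>
      <version>4.5.1</version>
    </dependency>
  </dependencies>
</project>"""

_CONSTRAINT = re.compile(r"(>=|<=|>|<)\s*(\d+(?:\.\d+)*)")
_OPS = {
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}

def parse_version(text):
    # '4.5.1' or '4.5.1-SNAPSHOT' -> (4, 5, 1); only numeric dotted versions are handled
    parts = [int(p) for p in text.split("-")[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad so '4.5' compares as 4.5.0

def is_vulnerable(version, range_expr=VULNERABLE_RANGE):
    # '||' separates alternative clauses; constraints inside one clause are ANDed
    ver = parse_version(version)
    for clause in range_expr.split("||"):
        constraints = _CONSTRAINT.findall(clause)
        if constraints and all(_OPS[op](ver, parse_version(bound)) for op, bound in constraints):
            return True
    return False

def find_dependency_version(pom_xml, group_id, artifact_id):
    # Return the <version> declared for group:artifact, or None if absent
    ns = {"m": "http://maven.apache.org/POM/4.0.0"}
    for dep in ET.fromstring(pom_xml).iterfind(".//m:dependency", ns):
        if (dep.findtext("m:groupId", namespaces=ns) == group_id
                and dep.findtext("m:artifactId", namespaces=ns) == artifact_id):
            return dep.findtext("m:version", namespaces=ns)
    return None

def check_pom(pom_xml):
    # (declared version or None, True/False, or None when the version cannot be decided here)
    version = find_dependency_version(pom_xml, "io.vertx", "vertx-core")
    if version is None or version.startswith("${"):  # missing or property-managed
        return version, None
    return version, is_vulnerable(version)
```

Versions managed through a parent POM or a `${property}` need the effective POM (for example `mvn help:effective-pom`) before this check is meaningful.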

Metadata

Created: 2024-03-27T09:30:40Z
Modified: 2024-07-25T21:31:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-5667-3wch-7q7w/GHSA-5667-3wch-7q7w.json
CWE IDs: ["CWE-119", "CWE-200"]
Alternative ID: GHSA-5667-3wch-7q7w
Finding: F038
Auto approve: 1