CVE-2018-12541

MEDIUM

Eclipse Vert.x <3.5.3 - Memory Corruption


Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-12541. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary: This repository contains the source code of a vulnerable version of Vert.x, specifically targeting CVE-2018-12541. It includes build instructions, benchmarking details, and contributing guidelines, but no explicit exploit code or technical analysis of the vulnerability itself.

Description

In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.

Exploits (2)

nomisec WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2018-12541-vert.x-vulnerable

This repository contains the source code of a vulnerable version of Vert.x, specifically targeting CVE-2018-12541. It includes build instructions, benchmarking details, and contributing guidelines, but no explicit exploit code or technical analysis of the vulnerability itself.

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Vert.x (version not explicitly specified)
No auth needed
Prerequisites: Access to the vulnerable Vert.x instance
devstral-2 · analyzed Mar 14, 2026

nomisec WRITEUP
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-12541-vert.x-vulnerable

This repository contains the source code of a vulnerable version of Vert.x, specifically highlighting CVE-2018-12541. It includes build instructions, benchmarking details, and contributing guidelines but lacks explicit exploit code or technical analysis of the vulnerability itself.

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Vert.x (version not explicitly specified)
No auth needed
Prerequisites: Access to a vulnerable Vert.x instance
devstral-2 · analyzed Feb 18, 2026

References (16)

Core References
Vendor Advisory (x_refsource_confirm): https://bugs.eclipse.org/bugs/show_bug.cgi?id=539170
Third Party Advisory (x_refsource_confirm): https://github.com/eclipse-vertx/vert.x/issues/2648
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2018:2946

Scores

CVSS v3: 6.5
EPSS: 0.0129
EPSS Percentile: 80.2%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-119, CWE-789
Status: published
Products (2):
eclipse/vert.x 3.0.0 - 3.5.4
io.vertx/vertx-core 3.0.0 - 3.5.4 (Maven)
Published: Oct 10, 2018
Tracked Since: Feb 18, 2026