CVE-2024-1023

MEDIUM

Io.vertx Vertx-core < 4.5.2 - Memory Leak


Description

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak caused by its use of Netty FastThreadLocal data structures. The leak is triggered when the Vert.x HTTP client establishes connections to different hosts. An attacker with intimate knowledge of the runtime can accelerate the leak. For instance, a server that accepts arbitrary internet addresses and connects to them with the Vert.x HTTP client serves as an attack vector: by supplying a stream of distinct addresses, an attacker drives the client to open connections to ever more hosts and accelerates the leak until memory is exhausted, which is the availability impact (A:H) captured in the CVSS vector below. Affected versions are io.vertx:vertx-core from 4.5.0 up to but not including 4.5.2, the release that contains the fix.

References (9 of 12 listed)

Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:1662
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:1706
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:2088
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:2833
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:3527
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:3989
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2024:4884
Vendor Advisory, VDB entry (Red Hat): https://access.redhat.com/security/cve/CVE-2024-1023
Issue Tracking (Red Hat Bugzilla): https://bugzilla.redhat.com/show_bug.cgi?id=2260840

Scores

CVSS v3.1 6.5 (MEDIUM)
EPSS 0.0023 (0.23%)
EPSS Percentile 45.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-401: Missing Release of Memory after Effective Lifetime
Status published
Products (27)
io.vertx/vertx-core 4.5.0 up to (excluding) 4.5.2 (Maven)
Red Hat/A-MQ Clients 2
Red Hat/CEQ 3.2
Red Hat/Cryostat 2 on RHEL 8 2.4.0-4
Red Hat/Cryostat 2 on RHEL 8 2.4.0-7
Red Hat/Cryostat 2 on RHEL 8 2.4.0-9
Red Hat/Migration Toolkit for Runtimes
Red Hat/MTA-6.2-RHEL-9 6.2.3-2
Red Hat/OpenShift Serverless
Red Hat/Red Hat AMQ Broker 7
... and 17 more
Published Mar 27, 2024
Tracked Since Feb 18, 2026
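The practical check for this advisory is whether a build pulls in io.vertx:vertx-core inside the affected range. The following Python script is an added example, not part of this page or of the Vert.x project: it scans the text output of `mvn dependency:list` or `gradle dependencies` for vertx-core coordinates and flags versions in 4.5.0 <= v < 4.5.2, the range taken from the title and the Products entry above. The sample dependency output is constructed for the example; Gradle's "requested -> resolved" arrow is handled so that a conflict-resolved upgrade is judged by the resolved version, not the requested one.

```python
"""Flag io.vertx:vertx-core versions affected by CVE-2024-1023.

Affected range (from the advisory): 4.5.0 <= version < 4.5.2.
Input: lines from `mvn dependency:list` or `gradle dependencies` output.
"""
import re
from typing import Iterable, List, Optional, Tuple

GROUP = "io.vertx"
ARTIFACT = "vertx-core"
AFFECTED_MIN = (4, 5, 0)   # inclusive, per the Products entry
FIXED = (4, 5, 2)          # exclusive, per the title "< 4.5.2"

# Maven dependency:list prints group:artifact:type[:classifier]:version:scope;
# Gradle prints group:artifact:version[ -> resolved] or group:artifact -> resolved.
# The packaging types below tell the two formats apart.
PACKAGINGS = {"jar", "pom", "war", "ear", "bundle", "maven-plugin"}

_COORD_RE = re.compile(
    re.escape(GROUP) + ":" + re.escape(ARTIFACT) + r"(?=[:\s]|$)(?::(\S+))?"
)
_ARROW_RE = re.compile(r"->\s*(\S+)")
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch), or None when the version is not numeric.
    Qualifiers such as '-SNAPSHOT' are ignored; only the numeric prefix is compared."""
    m = _VERSION_RE.match(version)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected(version: str) -> Optional[bool]:
    """True if inside the affected range, False if outside, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return AFFECTED_MIN <= parsed < FIXED


def extract_vertx_core_version(line: str) -> Optional[str]:
    """Pull the vertx-core version out of one Maven or Gradle dependency line."""
    m = _COORD_RE.search(line)
    if not m:
        return None
    parts = (m.group(1) or "").split(":")
    if parts[0] in PACKAGINGS:            # Maven: skip the type field
        parts = parts[1:]
        if len(parts) > 1 and not _VERSION_RE.match(parts[0]):
            parts = parts[1:]              # Maven: skip an optional classifier
    version = parts[0] if parts else ""
    arrow = _ARROW_RE.search(line)         # Gradle: "requested -> resolved"
    if arrow:
        version = arrow.group(1)
    return version or None


def scan(lines: Iterable[str]) -> List[Tuple[int, str, Optional[bool]]]:
    """Return (line number, version, affected?) for every vertx-core coordinate."""
    findings = []
    for number, line in enumerate(lines, start=1):
        version = extract_vertx_core_version(line)
        if version is not None:
            findings.append((number, version, is_affected(version)))
    return findings


# Constructed sample mixing Maven dependency:list and Gradle dependencies output.
SAMPLE_OUTPUT = """\
[INFO] --- dependency:3.6.1:list (default-cli) @ demo ---
[INFO]    io.vertx:vertx-core:jar:4.5.1:compile
[INFO]    io.vertx:vertx-web-client:jar:4.5.1:compile
[INFO]    io.netty:netty-common:jar:4.1.104.Final:compile
+--- io.vertx:vertx-core:4.5.0 -> 4.5.3
+--- io.vertx:vertx-core -> 4.4.9
"""

if __name__ == "__main__":
    labels = {True: "AFFECTED (upgrade to >= 4.5.2)",
              False: "not affected", None: "unknown version"}
    for number, version, affected in scan(SAMPLE_OUTPUT.splitlines()):
        print(f"line {number}: {GROUP}:{ARTIFACT}:{version} -> {labels[affected]}")
```

Feed it real output with `mvn dependency:list | python check_vertx.py` after swapping the sample for `sys.stdin`; the script name is a placeholder. Only the numeric prefix is compared, so a snapshot or pre-release tagged 4.5.0 or 4.5.1 is reported as affected, which is the conservative reading for a leak fixed in 4.5.2.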