CVE-2024-41172
HIGH
Apache CXF 3.6.0-3.6.3 and 4.0.0-4.0.4 - Memory Leak in HTTP Client Conduit
Title source: llm
Description
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected, and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory.
References (3)
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240808-0008/
Mailing List, Vendor Advisory vendor-advisory
https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
Scores
CVSS v3
7.5
EPSS
0.0119
EPSS Percentile
79.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-401
Status
published
Products (2)
apache/cxf
3.6.0 - 3.6.4
org.apache.cxf/cxf-rt-transports-http
4.0.0 - 4.0.5
Maven
Published
Jul 19, 2024
Tracked Since
Feb 18, 2026