PT-2024-16128 · Eclipse · Eclipse Vert.X

Vietj · Published 2024-01-30 · Updated 2024-11-21 · CVE-2024-1023

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Eclipse Vert.x versions prior to 4.4.7
Eclipse Vert.x versions prior to 4.5.2

Description

A memory leak occurs in the Eclipse Vert.x toolkit due to the use of Netty FastThreadLocal data structures. This issue is triggered when the Vert.x HTTP client establishes connections to different hosts. An attacker can exploit this vulnerability by accelerating the memory leak, particularly if a server accepts arbitrary internet addresses and connects to these addresses.

Recommendations

For Eclipse Vert.x versions prior to 4.4.7, update to version 4.4.7 to resolve the issue.
For Eclipse Vert.x versions prior to 4.5.2, update to version 4.5.2 to resolve the issue.

Fix

Memory Leak

Information Disclosure

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-1023
GHSA-5667-3WCH-7Q7W

Affected Products

Eclipse Vert.X