PT-2024-38985 · Eclipse · Eclipse Vert.X
Julien Viet
·
Published
2024-09-04
·
Updated
2024-11-13
·
CVE-2024-8391
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Eclipse Vert.x versions 4.3.0 through 4.5.9
Description:
The gRPC server in Eclipse Vert.x does not limit the maximum length of message payload, which can lead to potential issues. This issue does not affect the Vert.x gRPC server based on grpc-java and Netty libraries. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations:
For Eclipse Vert.x versions 4.3.0 through 4.5.9, update to version 4.5.10 or later to fix the issue. As a temporary workaround, consider restricting the maximum length of message payload in the gRPC server configuration to minimize the risk of exploitation.
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eclipse Vert.X