PT-2024-5101 · Apache · Apache CXF
Colm O Heigeartaigh
Published 2024-07-18 · Updated 2024-08-07
CVE-2024-41172
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Apache CXF versions 3.6.3 and earlier, 4.0.4 and earlier
Description:
Apache CXF's HTTP client conduit has a memory leak that can prevent HttpClient instances from being garbage collected. Every leaked instance stays on the heap for the life of the JVM, so memory consumption grows with continued use of the client until the application exhausts its heap and fails with an OutOfMemoryError. The impact is on availability only (C:N/I:N/A:H in the vector): an attacker who can cause the affected application to issue HTTP client requests can exploit this to deny service, and the more client traffic the application generates, the sooner the condition is reached.
Recommendations:
For the 3.x line (versions before 3.6.4), update to version 3.6.4 or later to resolve the issue.
For the 4.0.x line (versions before 4.0.5), update to version 4.0.5 or later to resolve the issue.
As a temporary workaround until the upgrade can be deployed, limit use of the CXF HTTP client conduit to where it is actually needed and monitor heap usage of the affected processes, so that steadily growing memory consumption is caught and the process restarted before the JVM runs out of memory.
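The affected ranges above are easy to check mechanically against a build's resolved dependencies. The following Python script is an added example and is not part of this advisory or of Apache CXF itself: it parses `mvn dependency:list` style output (the sample lines below are constructed for the example, not taken from a real build) and reports every org.apache.cxf artifact whose version falls inside the stated ranges, together with the release to upgrade to. It assumes that versions 4.1 and later lie outside the affected ranges, since the advisory lists none, and it treats any version qualifier such as -SNAPSHOT on an otherwise fixed number as predating the fix.

```python
"""Flag Apache CXF artifacts affected by CVE-2024-41172 in a dependency listing.

Affected ranges per the advisory: 3.6.3 and earlier (fixed in 3.6.4) and
4.0.4 and earlier on the 4.0.x line (fixed in 4.0.5)."""
import re
from typing import List, Optional, Tuple

# Fixed releases named in the advisory, one per release line.
FIXED_3X = (3, 6, 4)
FIXED_40X = (4, 0, 5)

# One coordinate as printed by `mvn dependency:list`: group:artifact:type:version:scope
COORD_RE = re.compile(
    r"(?P<group>[A-Za-z0-9_.\-]+):(?P<artifact>[A-Za-z0-9_.\-]+):"
    r"(?P<type>[A-Za-z0-9_\-]+):(?P<version>[A-Za-z0-9_.\-]+):(?P<scope>[a-z]+)"
)


def parse_version(version: str) -> Tuple[Tuple[int, ...], bool]:
    """Split a Maven version into a numeric tuple and a 'has qualifier' flag.

    '3.6.3' -> ((3, 6, 3), False); '3.6.4-SNAPSHOT' -> ((3, 6, 4), True).
    Any qualifier is treated conservatively as predating the plain release."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))  # pad '3.6' to (3, 6, 0)
    return nums, bool(m.group(2))


def fix_for(version: str) -> Optional[str]:
    """Return the release that fixes CVE-2024-41172 for this version, or None if
    the version is outside the advisory's affected ranges. Versions 4.1 and later
    are assumed unaffected because the advisory does not list them (assumption)."""
    nums, prerelease = parse_version(version)
    base = nums[:3]
    major, minor = base[0], base[1]
    if major < 4:
        if base < FIXED_3X or (base == FIXED_3X and prerelease):
            return "3.6.4"
        return None
    if major == 4 and minor == 0:
        if base < FIXED_40X or (base == FIXED_40X and prerelease):
            return "4.0.5"
        return None
    return None


def scan_dependency_list(text: str) -> List[Tuple[str, str, str]]:
    """Scan `mvn dependency:list` output and return (artifact, version, fixed_in)
    for every org.apache.cxf artifact inside the affected ranges.

    The leaking conduit ships in cxf-rt-transports-http, but CXF modules must
    share one version, so every org.apache.cxf coordinate is checked."""
    findings = []
    for line in text.splitlines():
        m = COORD_RE.search(line)
        if not m or m.group("group") != "org.apache.cxf":
            continue
        fix = fix_for(m.group("version"))
        if fix:
            findings.append((m.group("artifact"), m.group("version"), fix))
    return findings


# Constructed sample output (not from a real build): an affected 3.6.x artifact,
# an affected 4.0.x artifact, an already fixed 4.0.5 artifact and a non-CXF one.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.cxf:cxf-rt-transports-http:jar:3.6.3:compile
[INFO]    org.apache.cxf:cxf-rt-frontend-jaxws:jar:4.0.4:compile
[INFO]    org.apache.cxf:cxf-core:jar:4.0.5:compile
[INFO]    org.slf4j:slf4j-api:jar:2.0.13:compile
"""

if __name__ == "__main__":
    for artifact, version, fix in scan_dependency_list(SAMPLE):
        print(f"{artifact} {version} is affected by CVE-2024-41172; upgrade to {fix}")
```

Feed it the real output of `mvn dependency:list` (or any listing in the same group:artifact:type:version:scope form) in place of the constructed sample; a mixed result such as the sample's 4.0.4 and 4.0.5 lines usually means a partial upgrade that left an older CXF module on the classpath.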
Fix
Memory Leak
Affected Products: Apache CXF