PT-2024-7970 · Eclipse · Eclipse Vert.X

Published: 2024-02-06 · Updated: 2026-02-25 · CVE-2024-1300

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Eclipse Vert.x (affected versions not specified)

Description: A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When the server receives an unknown SNI server name, it falls back to the default certificate instead of a mapped one, but the resulting SSL context is erroneously cached in the server-name map under that unknown name. Because every distinct unknown name adds an entry, an attacker can send TLS ClientHello messages with fabricated server names until the map exhausts memory and the JVM raises an out-of-memory error.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
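The caching mistake described above, modelled in Python as an added illustration (this is a constructed model of the lookup logic, not Vert.x code; class and method names are assumptions). The same lookup is run once with the leaky behaviour and once with the corrected behaviour, which returns the default context for unknown names without inserting them into the map.

```python
"""Model of an SNI server-name cache with and without the leak (constructed)."""
from typing import Dict, Iterable, Optional


class SniServer:
    """Resolves an SSL context per SNI server name and caches the result.

    mapped_certs:  server names that have a configured certificate.
    default_ctx:   fallback context handed out for unknown names.
    cache_unknown: True reproduces the leak (unknown names are cached);
                   False is the corrected behaviour.
    """

    def __init__(self, mapped_certs: Dict[str, str], default_ctx: str,
                 cache_unknown: bool) -> None:
        self.mapped_certs = dict(mapped_certs)
        self.default_ctx = default_ctx
        self.cache_unknown = cache_unknown
        self.server_name_map: Dict[str, str] = {}  # grows without bound when leaky

    def ssl_context_for(self, server_name: Optional[str]) -> str:
        """Return the SSL context to use for the given SNI name."""
        if server_name is None:  # no SNI extension at all
            return self.default_ctx
        cached = self.server_name_map.get(server_name)
        if cached is not None:
            return cached
        cert = self.mapped_certs.get(server_name)
        if cert is not None:
            ctx = f"ctx[{cert}]"  # stands in for a real per-certificate context
            self.server_name_map[server_name] = ctx  # caching known names is fine
            return ctx
        if self.cache_unknown:
            # The bug: attacker-chosen, never-repeating names fill the map.
            self.server_name_map[server_name] = self.default_ctx
        return self.default_ctx


def map_size_after(server: SniServer, names: Iterable[str]) -> int:
    """Feed a sequence of SNI names (one per ClientHello) and report map size."""
    for name in names:
        server.ssl_context_for(name)
    return len(server.server_name_map)


# Constructed sample: one legitimate name followed by 1000 fabricated ones.
SAMPLE_NAMES = ["example.test"] + [f"h{i}.invalid" for i in range(1000)]
MAPPED = {"example.test": "cert-example"}
```

Running `map_size_after` with `cache_unknown=True` leaves 1001 entries in the map, while the corrected variant keeps only the single mapped name.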

Weakness Enumeration

Resource Exhaustion

Memory Leak

Missing Release of Resource after Effective Lifetime

Related Identifiers

BDU:2024-09483
CVE-2024-1300
GHSA-9PH3-V2VH-3QX7

Affected Products

Eclipse Vert.X