CVE-2024-1023
io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vert.x
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak caused by its use of Netty FastThreadLocal data structures. The leak is triggered when the Vert.x HTTP client establishes connections to different hosts. With intimate runtime knowledge an attacker can accelerate the leak and so exploit this vulnerability. For instance, a server that accepts arbitrary internet addresses and connects to them could serve as an attack vector, since each new destination host accelerates the memory leak.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
vertx-core
Red Hat · A-MQ Clients 2
Red Hat · CEQ 3.2
Red Hat · Cryostat 2 on RHEL 8
Red Hat · Migration Toolkit for Runtimes
Red Hat · MTA-6.2-RHEL-9
Red Hat · OpenShift Serverless
Red Hat · Red Hat AMQ Broker 7
Red Hat · Red Hat AMQ Streams 2.7.0
Red Hat · Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2
Red Hat · Red Hat build of Apache Camel for Spring Boot 3
Red Hat · Red Hat Build of Keycloak
Red Hat · Red Hat build of OptaPlanner 8
Red Hat · Red Hat build of Quarkus
Red Hat · Red Hat build of Quarkus 3.2.11.Final
Red Hat · Red Hat Data Grid 8
Red Hat · Red Hat Fuse 7
Red Hat · Red Hat Integration Camel K 1
Red Hat · Red Hat Integration Camel Quarkus 2
Red Hat · Red Hat JBoss Data Grid 7
Red Hat · Red Hat JBoss Enterprise Application Platform 7
Red Hat · Red Hat JBoss Enterprise Application Platform 8
Red Hat · Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat · Red Hat Process Automation 7
Red Hat · RHINT Service Registry 2.5.11 GA
References
https://access.redhat.com/errata/RHSA-2024:1662
https://access.redhat.com/errata/RHSA-2024:1706
https://access.redhat.com/errata/RHSA-2024:2088
https://access.redhat.com/errata/RHSA-2024:2833
https://access.redhat.com/errata/RHSA-2024:3527
https://access.redhat.com/errata/RHSA-2024:3989
https://access.redhat.com/errata/RHSA-2024:4884
https://access.redhat.com/security/cve/CVE-2024-1023
https://bugzilla.redhat.com/show_bug.cgi?id=2260840
https://github.com/eclipse-vertx/vert.x/issues/5078
https://github.com/eclipse-vertx/vert.x/pull/5080
https://github.com/eclipse-vertx/vert.x/pull/5082