#VU88189 Memory leak in Vert.x


Published: 2024-04-05

Vulnerability identifier: #VU88189

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1023

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vert.x
Web applications / Modules and components for CMS

Vendor: Eclipse

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when using Netty FastThreadLocal data structures. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vert.x: 4.5.0 - 4.5.1, 4.4.5 - 4.4.6

External links
http://bugzilla.redhat.com/show_bug.cgi?id=2260840
http://github.com/eclipse-vertx/vert.x/issues/5078
http://github.com/eclipse-vertx/vert.x/pull/5080
http://github.com/eclipse-vertx/vert.x/pull/5082

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Asset Data Dictionary Component
Multiple vulnerabilities in IBM Cloud Pak for Business Automation
Multiple vulnerabilities in Red Hat build of Cryostat 2 on RHEL 8
Multiple vulnerabilities in IBM Business Automation Insights
Multiple vulnerabilities in Red Hat build of Quarkus 3.2
Denial of service in Eclipse Vert.x