Vulnerability Description
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:1662
- https://access.redhat.com/errata/RHSA-2024:1706
- https://access.redhat.com/errata/RHSA-2024:2088
- https://access.redhat.com/errata/RHSA-2024:2833
- https://access.redhat.com/errata/RHSA-2024:3527
- https://access.redhat.com/errata/RHSA-2024:3989
- https://access.redhat.com/errata/RHSA-2024:4884
- https://access.redhat.com/security/cve/CVE-2024-1023
- https://bugzilla.redhat.com/show_bug.cgi?id=2260840
- https://github.com/eclipse-vertx/vert.x/issues/5078
- https://github.com/eclipse-vertx/vert.x/pull/5080
- https://github.com/eclipse-vertx/vert.x/pull/5082
- https://access.redhat.com/errata/RHSA-2024:1662
- https://access.redhat.com/errata/RHSA-2024:1706
- https://access.redhat.com/errata/RHSA-2024:2088
FAQ
What is CVE-2024-1023?
CVE-2024-1023 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to differen...
How severe is CVE-2024-1023?
CVE-2024-1023 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1023?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.