Lucene search
RedhatCVELIST:CVE-2024-1300HistoryApr 02, 2024 - 7:33 a.m.
CVE-2024-1300 Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support
2024-04-0207:33:05
CWE-400
redhat
www.cve.org
vulnerability
eclipse vert.x
memory leak
tcp servers
tls
sni support
ssl context
memory exhaustion
attackers
jvm out-of-memory
cve-2024-1300
io.vertx
vertx-core
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
5.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.0%
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "CEQ 3.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "vertx-core",
"cpes": [
"cpe:/a:redhat:camel_quarkus:3"
]
},
{
"vendor": "Red Hat",
"product": "Cryostat 2 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "2.4.0-7",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:cryostat:2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Cryostat 2 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "cryostat-tech-preview/cryostat-operator-bundle",
"defaultStatus": "affected",
"versions": [
{
"version": "2.4.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:cryostat:2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Cryostat 2 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "cryostat-tech-preview/cryostat-reports-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "2.4.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:cryostat:2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Cryostat 2 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "cryostat-tech-preview/cryostat-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "2.4.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:cryostat:2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Cryostat 2 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "cryostat-tech-preview/cryostat-rhel8-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "2.4.0-9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:cryostat:2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Cryostat 2 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "cryostat-tech-preview/jfr-datasource-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "2.4.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:cryostat:2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Runtimes 1 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mtr/mtr-operator-bundle",
"defaultStatus": "affected",
"versions": [
{
"version": "1.2-18",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Runtimes 1 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mtr/mtr-rhel8-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "1.2-11",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Runtimes 1 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mtr/mtr-web-container-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.2-12",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "Migration Toolkit for Runtimes 1 on RHEL 8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mtr/mtr-web-executor-container-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.2-10",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "MTA-6.2-RHEL-9",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "mta/mta-windup-addon-rhel9",
"defaultStatus": "affected",
"versions": [
{
"version": "6.2.3-2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:6.2::el9",
"cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat AMQ Streams 2.7.0",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "vertx-core",
"cpes": [
"cpe:/a:redhat:amq_streams:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus 3.2.11.Final",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "io.vertx/vertx-core",
"defaultStatus": "affected",
"versions": [
{
"version": "4.4.8.redhat-00001",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:quarkus:3.2::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHINT Service Registry 2.5.11 GA",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "vertx-core",
"cpes": [
"cpe:/a:redhat:service_registry:2.5"
]
},
{
"vendor": "Red Hat",
"product": "A-MQ Clients 2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:a_mq_clients:2"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Serverless",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:serverless:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Apache Camel 4.0 for Spring Boot",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:camel_spring_boot:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Apache Camel for Spring Boot",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:camel_spring_boot:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Build of Keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:build_keycloak:22"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of OptaPlanner 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "io.vertx/vertx-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:quarkus:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Data Grid 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Integration Camel K",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:integration:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Integration Camel Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:camel_quarkus:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss A-MQ 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "vertx-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:amq_broker:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Data Grid 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "vertx-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "vertx-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "vertx-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "vertx-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "vertx-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Process Automation 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "vertx-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
]
}
]References
access.redhat.com/errata/RHSA-2024:1662
access.redhat.com/errata/RHSA-2024:1706
access.redhat.com/errata/RHSA-2024:1923
access.redhat.com/errata/RHSA-2024:2088
access.redhat.com/errata/RHSA-2024:2833
access.redhat.com/errata/RHSA-2024:3527
access.redhat.com/errata/RHSA-2024:3989
access.redhat.com/security/cve/CVE-2024-1300
bugzilla.redhat.com/show_bug.cgi?id=2263139
vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
Related
redhatcve
redhatcve
CVE-2024-1300
2024-02-07 07:29:55
cve
cve
CVE-2024-1300
2024-04-02 08:15:53
ibm
ibm
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1300).
2024-06-25 09:02:05
veracode
veracode
Memory Leak
2024-04-03 05:50:04
github
github
Eclipse Vert.x vulnerable to a memory leak in TCP servers
2024-04-02 09:30:42
nessus
nessus
RHEL 6 : vertx-core (Unpatched Vulnerability)
2024-06-19 00:00:00
osv
osv
Eclipse Vert.x vulnerable to a memory leak in TCP servers
2024-04-02 09:30:42
nvd
nvd
CVE-2024-1300
2024-04-02 08:15:53
vulnrichment
vulnrichment
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
5.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.0%
Related for CVELIST:CVE-2024-1300