CVE-2024-1023

Source
https://cve.org/CVERecord?id=CVE-2024-1023
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1023.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-1023
Aliases
Published
2024-03-27T07:51:15.716Z
Modified
2026-07-15T01:48:58.636196253Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx
Details

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

Database specific
{
    "cwe_ids": [
        "CWE-401"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/1xxx/CVE-2024-1023.json",
    "cna_assigner": "redhat"
}
References

Affected packages

Git / github.com/eclipse-vertx/vert.x

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-vertx/vert.x
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "4.4.5"
        },
        {
            "last_affected": "4.4.5"
        },
        {
            "introduced": "4.4.6"
        },
        {
            "last_affected": "4.4.6"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "last_affected": "4.5.0"
        },
        {
            "introduced": "4.5.1"
        },
        {
            "last_affected": "4.5.1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

4.*
4.4.5
4.4.6
4.5.0
4.5.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1023.json"