CVE-2024-41172

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41172

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41172.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41172

Aliases

GHSA-4mgg-fqfq-64hg

Published

2024-07-19T09:15:05Z

Modified

2024-09-03T04:40:43.044679Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory

References

https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6

Affected packages

Git / github.com/apache/cxf

Affected ranges

Type: GIT
Repo: https://github.com/apache/cxf
Events: Introduced

4cf375c5436f3e806293a73a5bb6a8510f7ac961

Fixed

6b27aec74e5329b60e84ff2478c854bf2acf3db5

Affected versions

cxf-3.*

cxf-3.6.0

cxf-3.6.1

cxf-3.6.2

cxf-3.6.3