CVE-2024-8391

Source
https://cve.org/CVERecord?id=CVE-2024-8391
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8391.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-8391
Aliases
Published
2024-09-04T15:27:58.478Z
Modified
2026-07-08T08:11:53.912054503Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Eclipse Vert.x gRPC server does not limit the maximum message size
Details

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). 

This is fixed in the 4.5.10 version. 

Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8391.json",
    "cna_assigner": "eclipse",
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / github.com/eclipse-vertx/vert.x

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-vertx/vert.x
Events
Database specific
{
    "cpe": "cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.5.10"
        }
    ],
    "source": "CPE_RANGE"
}
Type
GIT
Repo
https://github.com/eclipse-vertx/vertx-grpc
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.5.10"
        }
    ],
    "source": "AFFECTED_FIELD"
}
Type
GIT
Repo
https://github.com/vert-x3/vertx-web
Events
Database specific
{
    "cpe": "cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.5.10"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

4.*
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8391.json"