CVE-2024-1300

🗓️ 02 Apr 2024 07:33:05Reported by redhatType

A vulnerability in Eclipse Vert.x toolkit causing memory leak in TLS/SNI TCP server

Reporter	Title	Published	Views	Family All 39
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Event Processing.	15 Jul 202405:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found in IBM Security Verify Information Queue	10 Sep 202517:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities	27 Feb 202509:34	–	ibm
IBM Security Bulletins	Security Bulletin:IBM Asset Data Dictionary Component uses vertx-core-4.5.0.jar which is vulnerable to CVE-2024-1023 and CVE-2024-1300.	2 May 202411:00	–	ibm
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.	31 May 202410:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities	20 May 202406:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1023,CVE-2024-1300).	3 Feb 202522:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Eclipse Vert.x toolkit affects IBM watsonx Assistant for IBM Cloud Pak for Data	5 Feb 202520:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1300).	25 Jun 202409:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management	8 Jul 202405:17	–	ibm

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.3.4",
        "versionType": "semver",
        "lessThanOrEqual": "4.5.2"
      }
    ],
    "packageName": "io.vertx:vertx-core",
    "collectionURL": "https://vertx.io/docs/vertx-core/java/",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "CEQ 3.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "vertx-core",
    "cpes": [
      "cpe:/a:redhat:camel_quarkus:3"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Cryostat 2 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.4.0-7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:cryostat:2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Cryostat 2 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "cryostat-tech-preview/cryostat-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.4.0-4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:cryostat:2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Cryostat 2 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "cryostat-tech-preview/cryostat-reports-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.4.0-4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:cryostat:2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Cryostat 2 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "cryostat-tech-preview/cryostat-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.4.0-4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:cryostat:2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Cryostat 2 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "cryostat-tech-preview/cryostat-rhel8-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.4.0-9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:cryostat:2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Cryostat 2 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "cryostat-tech-preview/jfr-datasource-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.4.0-4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:cryostat:2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "mtr/mtr-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1.2-18",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "mtr/mtr-rhel8-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1.2-11",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "mtr/mtr-web-container-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1.2-12",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "mtr/mtr-web-executor-container-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "1.2-10",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "MTA-6.2-RHEL-9",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "mta/mta-windup-addon-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "6.2.3-2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:migration_toolkit_applications:6.2::el9",
      "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat AMQ Streams 2.7.0",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "vertx-core",
    "cpes": [
      "cpe:/a:redhat:amq_streams:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "vertx-core",
    "cpes": [
      "cpe:/a:redhat:apache_camel_spring_boot:4.4::el6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus 3.2.11.Final",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.vertx/vertx-core",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.4.8.redhat-00001",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quarkus:3.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHINT Service Registry 2.5.11 GA",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "vertx-core",
    "cpes": [
      "cpe:/a:redhat:service_registry:2.5"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "A-MQ Clients 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:a_mq_clients:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "OpenShift Serverless",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:serverless:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat AMQ Broker 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:amq_broker:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Apache Camel for Spring Boot 3",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:camel_spring_boot:3"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Build of Keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:build_keycloak:"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of OptaPlanner 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:optaplanner:::el6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.vertx/vertx-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:quarkus:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Data Grid 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_data_grid:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Fuse 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_fuse:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Integration Camel K 1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:integration:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Integration Camel Quarkus 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:camel_quarkus:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Data Grid 7",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "vertx-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:jboss_data_grid:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 7",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "vertx-core",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 8",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "vertx-core",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "vertx-core",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jbosseapxp"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Process Automation 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "vertx-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:3527
access	www.access.redhat.com/errata/RHSA-2024:4884
access	www.access.redhat.com/errata/RHSA-2024:1706
vertx	www.vertx.io/docs/vertx-core/java/
access	www.access.redhat.com/security/cve/CVE-2024-1300
access	www.access.redhat.com/errata/RHSA-2024:1923
access	www.access.redhat.com/errata/RHSA-2024:3989
access	www.access.redhat.com/errata/RHSA-2024:2088
access	www.access.redhat.com/errata/RHSA-2024:1662
access	www.access.redhat.com/errata/RHSA-2024:2833

15 Apr 2026 00:35Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.4

EPSS0.00245

SSVC

CWE-772