nvd NVD:CVE-2024-8391
Sep 04, 2024 - 4:15 p.m.

CVE-2024-8391

2024-09-04 16:15:09
CWE-770
web.nvd.nist.gov
Tags: eclipse vert.x, grpc server, message payload length, maven gav, io vertx, vulnerability, patched

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0
Percentile: 14.0%

In Eclipse Vert.x versions 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of the message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).

This is fixed in the 4.5.10 version.

Note that this does not affect the Vert.x gRPC server based on the grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc).
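
The missing limit concerns gRPC's length-prefixed framing, in which every message is preceded by a 1-byte compressed flag and a 4-byte big-endian length. As an added illustration (not Vert.x code and not the 4.5.10 patch), the decoder below enforces a cap on the declared length before any payload is buffered; the class name, the `max_message_size` parameter and the `frame` helper are assumptions made for this example.

```python
import struct

HEADER_LEN = 5  # gRPC message prefix: 1-byte compressed flag + 4-byte big-endian length


class MessageTooLarge(Exception):
    """Declared payload length exceeds the configured cap."""


def frame(payload, compressed=False):
    """Build one length-prefixed gRPC message (helper for constructed sample input)."""
    return struct.pack(">BI", int(compressed), len(payload)) + payload


class BoundedGrpcFramer:
    """Incremental decoder for length-prefixed messages with a size cap.

    Hypothetical illustration class; max_message_size is an assumed name.
    """

    def __init__(self, max_message_size=256 * 1024):
        self.max_message_size = max_message_size
        self._buf = bytearray()

    def feed(self, chunk):
        """Add bytes from the wire; return complete (compressed, payload) tuples."""
        self._buf += chunk
        messages = []
        while len(self._buf) >= HEADER_LEN:
            compressed, length = struct.unpack_from(">BI", self._buf, 0)
            # Decide on the declared length alone, before waiting for the payload.
            if length > self.max_message_size:
                self._buf.clear()
                raise MessageTooLarge(
                    f"declared {length} bytes, cap is {self.max_message_size}")
            if len(self._buf) < HEADER_LEN + length:
                break  # partial message; what stays buffered is below header + cap
            payload = bytes(self._buf[HEADER_LEN:HEADER_LEN + length])
            del self._buf[:HEADER_LEN + length]
            messages.append((bool(compressed), payload))
        return messages

    def buffered(self):
        """Number of bytes currently retained between feed() calls."""
        return len(self._buf)
```

Without the length check, a 5-byte header declaring a payload of up to 4 GiB would leave the decoder accumulating data for a message that may never complete, which is the resource-allocation problem CWE-770 describes.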

Affected configurations

Nvd
Node: eclipse vert.x, Range: 4.3.0 - 4.5.10

Vendor: eclipse
Product: vert.x
Version: *
CPE: cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*
