Lucene search

Redhat.comRH:CVE-2024-8391

HistorySep 04, 2024 - 7:12 p.m.

CVE-2024-8391

2024-09-0419:12:21

redhat.com

access.redhat.com

eclipse vert.x

grpc server

message payload

cve-2024-8391

vert.x 4.3.0 to 4.5.9

vertx-grpc-server

vertx-grpc-client

4.5.10 version

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

EPSS

Percentile

14.0%

JSON

A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

bugzilla.redhat.com/show_bug.cgi?id=2309758

github.com/eclipse-vertx/vertx-grpc/issues/113

gitlab.eclipse.org/security/cve-assignement/-/issues/31

nvd.nist.gov/vuln/detail/CVE-2024-8391

www.cve.org/CVERecord?id=CVE-2024-8391

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

EPSS

Percentile

14.0%

JSON

Related for RH:CVE-2024-8391