159 matches found
CVE-2024-8391
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...
CVE-2024-8391
CVE-2024-8391 affects Eclipse Vert.x gRPC server components (io.vertx:vertx-grpc-server and vertx-grpc-client) across Vert.x 4.3.0–4.5.9. The underlying issue is an unbounded maximum payload length in the gRPC server, which can lead to memory exhaustion and denial of service. The fix is available...
CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...
CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...
CVE-2024-8391 Eclipse Vert.x gRPC server does not limit the maximum message size
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...
Eclipse Vert.x 安全漏洞
Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in Eclipse Vert.x versions 4.3.0 through 4.5.9 that stems from the gRPC server not limiting the maximum length of the message load...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.
Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1300).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component. Vert. x is a toolkit to build reactive microservices.It is used to create a highly scalable and performant event-driven architecture for managing Kafka clusters. Vulnerability Details...
RHEL 6 : vert.x (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx CVE-2024-1023 Not...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 271. Vulnerability Details CVEID:CVE-2024-1023 DESCRIPTION: Eclipse Vert.x is vulnerable to a denial of service, caused by a memory leak due to the use of Netty...
Important: Red Hat Security Advisory: Red Hat build of Cryostat security update
An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for April 2024.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF004. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...
Eclipse Vert.x vulnerable to a memory leak in TCP servers
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...
CVE-2024-1300
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...
CVE-2024-1300
CVE-2024-1300 affects the Eclipse Vert.x toolkit. The issue causes a memory leak in TLS/SNI-enabled TCP servers when processing an unknown SNI, leading to SSL context caching in the server name map and potential JVM out-of-memory. Public details in the provided documents specify the vulnerability...
CVE-2024-1300 Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...
CVE-2024-1300 Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...
Eclipse Vert.x memory leak
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...
CVE-2024-1023
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...