Metric | Value
---|---
CVSS3 | 5.4 Medium
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | LOW
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | LOW
Integrity Impact | NONE
Availability Impact | LOW
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
AI Score | 6.7 Medium
AI Score Confidence | High
EPSS | 0.0004 Low
EPSS Percentile | 13.2%

vertx-core is vulnerable to a Memory Leak. The vulnerability is due to erroneous caching in the server name map for TCP servers configured with TLS and SNI support. This allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.

Name | Operator | Version
---|---|---
vert.x core | le | 4.4.7
vert.x core | le | 4.5.2

access.redhat.com/errata/RHSA-2024:1662
access.redhat.com/errata/RHSA-2024:1706
access.redhat.com/errata/RHSA-2024:1923
access.redhat.com/errata/RHSA-2024:2088
access.redhat.com/errata/RHSA-2024:2833
access.redhat.com/errata/RHSA-2024:3527
access.redhat.com/errata/RHSA-2024:3989
access.redhat.com/security/cve/CVE-2024-1300
bugzilla.redhat.com/show_bug.cgi?id=2263139
github.com/advisories/GHSA-9ph3-v2vh-3qx7
github.com/eclipse-vertx/vert.x/commit/1b8a5bd4662a1dc0e7f4a39ad78dd5b3b75589ad
github.com/eclipse-vertx/vert.x/pull/5101
vertx.io/docs/vertx-core/java/#_server_name_indication_sni