CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score
Confidence: Low

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When the server processes an unknown SNI server name, which is assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.
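
The caching flaw described above, reduced to a self-contained Java model that contrasts the leaky pattern with a bounded one. This is an added illustration, not Vert.x source code or the project's patch; the class, method and host names are hypothetical, and `Ctx` stands in for a real SSL context.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of an SNI-to-context cache; NOT Vert.x source code.
public class SniCacheModel {
    // Hypothetical stand-in for an expensive javax.net.ssl.SSLContext.
    record Ctx(String certificateAlias) {}

    private final Map<String, String> mappedCerts;   // server name -> certificate alias
    private final Ctx defaultCtx = new Ctx("default");
    private final Map<String, Ctx> cache = new ConcurrentHashMap<>();

    SniCacheModel(Map<String, String> mappedCerts) { this.mappedCerts = mappedCerts; }

    // Flawed pattern: every name, mapped or not, gets its own cache entry,
    // so the map grows with each distinct name a client presents.
    Ctx resolveLeaky(String serverName) {
        return cache.computeIfAbsent(serverName, n -> {
            String alias = mappedCerts.get(n);
            return alias != null ? new Ctx(alias) : new Ctx("default");
        });
    }

    // Bounded pattern (one possible correction, assumed here): only names with
    // a mapped certificate are cached; unknown names share one default context.
    Ctx resolveBounded(String serverName) {
        String alias = mappedCerts.get(serverName);
        if (alias == null) return defaultCtx;
        return cache.computeIfAbsent(serverName, n -> new Ctx(alias));
    }

    int cacheSize() { return cache.size(); }

    public static void main(String[] args) {
        Map<String, String> certs = Map.of("app.example.test", "app-cert");
        SniCacheModel leaky = new SniCacheModel(certs);
        SniCacheModel bounded = new SniCacheModel(certs);
        // Constructed input: distinct server names with no mapped certificate.
        for (int i = 0; i < 10_000; i++) {
            String name = "unmapped-" + i + ".example.test";
            leaky.resolveLeaky(name);
            bounded.resolveBounded(name);
        }
        bounded.resolveBounded("app.example.test");
        System.out.println("leaky cache entries:   " + leaky.cacheSize());
        System.out.println("bounded cache entries: " + bounded.cacheSize());
    }
}
```

In the bounded form the cache can never hold more entries than there are configured certificates, regardless of how many distinct names clients send.
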
access.redhat.com/errata/RHSA-2024:1662
access.redhat.com/errata/RHSA-2024:1706
access.redhat.com/errata/RHSA-2024:1923
access.redhat.com/errata/RHSA-2024:2088
access.redhat.com/errata/RHSA-2024:2833
access.redhat.com/errata/RHSA-2024:3527
access.redhat.com/errata/RHSA-2024:3989
access.redhat.com/errata/RHSA-2024:4884
access.redhat.com/security/cve/CVE-2024-1300
bugzilla.redhat.com/show_bug.cgi?id=2263139
vertx.io/docs/vertx-core/java/#_server_name_indication_sni