All the vulnerabilites related to Red Hat - Migration Toolkit for Runtimes
cve-2024-1023
Vulnerability from cvelistv5
Published
2024-03-27 07:51
Modified
2024-11-15 21:03
Severity ?
EPSS score ?
Summary
Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1662 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1706 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2088 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2833 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3527 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3989 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4884 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1023 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2260840 | issue-tracking, x_refsource_REDHAT | |
https://github.com/eclipse-vertx/vert.x/issues/5078 | ||
https://github.com/eclipse-vertx/vert.x/pull/5080 | ||
https://github.com/eclipse-vertx/vert.x/pull/5082 |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1023", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T17:46:25.667630Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:37:55.153Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "name": "RHSA-2024:1706", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1706" }, { "name": "RHSA-2024:2088", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2088" }, { "name": "RHSA-2024:2833", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2833" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1023" }, { "name": "RHBZ#2260840", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840" }, { "tags": [ "x_transferred" ], "url": "https://github.com/eclipse-vertx/vert.x/issues/5078" }, { "tags": [ "x_transferred" ], "url": "https://github.com/eclipse-vertx/vert.x/pull/5080" }, { "tags": [ "x_transferred" ], "url": "https://github.com/eclipse-vertx/vert.x/pull/5082" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://mvnrepository.com/artifact/io.vertx", "defaultStatus": "unaffected", "packageName": "vertx-core", "versions": [ { "status": "affected", "version": "4.4.5" }, { "status": "affected", "version": "4.4.6" }, { "status": "affected", "version": "4.5.0" }, { "status": "affected", "version": "4.5.1" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:3" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "CEQ 3.2", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-operator-bundle", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-reports-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/jfr-datasource-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "cpe:/a:redhat:migration_toolkit_applications:6.2::el8" ], "defaultStatus": "affected", "packageName": "mta/mta-windup-addon-rhel9", "product": "MTA-6.2-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "6.2.3-2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_streams:2" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat AMQ Streams 2.7.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.4.1" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3.2::el8" ], "defaultStatus": "affected", "packageName": "io.vertx/vertx-core", "product": "Red Hat build of Quarkus 3.2.11.Final", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.8.redhat-00001", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2.5" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "RHINT Service Registry 2.5.11 GA", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:a_mq_clients:2" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "A-MQ Clients 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Migration Toolkit for Runtimes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_broker:7" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:optaplanner:::el6" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat build of OptaPlanner 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unaffected", "packageName": "io.vertx/vertx-core", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" } ], "datePublic": "2024-01-26T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T21:03:27.370Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "name": "RHSA-2024:1706", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1706" }, { "name": "RHSA-2024:2088", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2088" }, { "name": "RHSA-2024:2833", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2833" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1023" }, { "name": "RHBZ#2260840", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840" }, { "url": "https://github.com/eclipse-vertx/vert.x/issues/5078" }, { "url": "https://github.com/eclipse-vertx/vert.x/pull/5080" }, { "url": "https://github.com/eclipse-vertx/vert.x/pull/5082" } ], "timeline": [ { "lang": "en", "time": "2024-01-29T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-26T00:00:00+00:00", "value": "Made public." } ], "title": "Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1023", "datePublished": "2024-03-27T07:51:15.716Z", "dateReserved": "2024-01-29T10:54:44.360Z", "dateUpdated": "2024-11-15T21:03:27.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1132
Vulnerability from cvelistv5
Published
2024-04-17 13:21
Modified
2024-10-22 01:19
Severity ?
EPSS score ?
Summary
Keycloak: path transversal in redirection validation
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1132", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T18:37:10.567431Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:59:39.871Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1860", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "name": "RHSA-2024:1861", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "name": "RHSA-2024:1862", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "name": "RHSA-2024:1864", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "name": "RHSA-2024:1866", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "name": "RHSA-2024:1867", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "name": "RHSA-2024:1868", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "name": "RHSA-2024:2945", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "name": "RHSA-2024:3752", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3752" }, { "name": "RHSA-2024:3762", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3762" }, { "name": "RHSA-2024:3919", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "name": "RHBZ#2262117", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/keycloak/keycloak", "defaultStatus": "unaffected", "packageName": "keycloak", "versions": [ { "lessThan": "22.0.10", "status": "affected", "version": "21.1.0", "versionType": "semver" }, { "lessThan": "24.0.3", "status": "affected", "version": "23.0.0", "versionType": "semver" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-operator-bundle", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-23", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-rhel8-operator", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-16", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-executor-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "cpe:/a:redhat:migration_toolkit_applications:6.2::el8" ], "defaultStatus": "affected", "packageName": "mta/mta-windup-addon-rhel9", "product": "MTA-6.2-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "6.2.3-2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_broker:7.10" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_broker:7.11" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_broker:7.12" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:22::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-operator-bundle", "product": "Red Hat build of Keycloak 22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "22.0.10-1", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:22::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-rhel9", "product": "Red Hat build of Keycloak 22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "22-13", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:22::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-rhel9-operator", "product": "Red Hat build of Keycloak 22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "22-16", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:22" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat build of Keycloak 22.0.10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el7sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el8sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el9sso", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:rhosemc:1.0::el8" ], "defaultStatus": "affected", "packageName": "rh-sso-7/sso76-openshift-rhel8", "product": "RHEL-8 based Middleware Containers", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7.6-46", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "RHSSO 7.6.8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat build of Apicurio Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3" ], "defaultStatus": "affected", "packageName": "org.keycloak/keycloak-core", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "org.wildfly.security-wildfly-elytron-parent", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "unknown", "packageName": "keycloak", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "keycloak", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Axel Flamcourt for reporting this issue." } ], "datePublic": "2024-04-16T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-22T01:19:27.880Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1860", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "name": "RHSA-2024:1861", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "name": "RHSA-2024:1862", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "name": "RHSA-2024:1864", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "name": "RHSA-2024:1866", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "name": "RHSA-2024:1867", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "name": "RHSA-2024:1868", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "name": "RHSA-2024:2945", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "name": "RHSA-2024:3752", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3752" }, { "name": "RHSA-2024:3762", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3762" }, { "name": "RHSA-2024:3919", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "name": "RHBZ#2262117", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" } ], "timeline": [ { "lang": "en", "time": "2024-01-31T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-04-16T00:00:00+00:00", "value": "Made public." } ], "title": "Keycloak: path transversal in redirection validation", "workarounds": [ { "lang": "en", "value": "No current mitigation is available for this vulnerability." } ], "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1132", "datePublished": "2024-04-17T13:21:19.130Z", "dateReserved": "2024-01-31T17:07:33.455Z", "dateUpdated": "2024-10-22T01:19:27.880Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1300
Vulnerability from cvelistv5
Published
2024-04-02 07:33
Modified
2024-11-15 21:03
Severity ?
EPSS score ?
Summary
Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1662 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1706 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1923 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2088 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2833 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3527 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3989 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4884 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1300 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2263139 | issue-tracking, x_refsource_REDHAT | |
https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni. |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1300", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-02T15:16:36.592165Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-20T19:53:23.394Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:33:25.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "name": "RHSA-2024:1706", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1706" }, { "name": "RHSA-2024:1923", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1923" }, { "name": "RHSA-2024:2088", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2088" }, { "name": "RHSA-2024:2833", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2833" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1300" }, { "name": "RHBZ#2263139", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "tags": [ "x_transferred" ], "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni." } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://vertx.io/docs/vertx-core/java/", "defaultStatus": "unaffected", "packageName": "io.vertx:vertx-core", "versions": [ { "lessThanOrEqual": "4.5.2", "status": "affected", "version": "4.3.4", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:3" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "CEQ 3.2", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-operator-bundle", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-reports-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/jfr-datasource-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-operator-bundle", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-18", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-rhel8-operator", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-12", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-executor-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "cpe:/a:redhat:migration_toolkit_applications:6.2::el8" ], "defaultStatus": "affected", "packageName": "mta/mta-windup-addon-rhel9", "product": "MTA-6.2-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "6.2.3-2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_streams:2" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat AMQ Streams 2.7.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.4.1" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3.2::el8" ], "defaultStatus": "affected", "packageName": "io.vertx/vertx-core", "product": "Red Hat build of Quarkus 3.2.11.Final", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.8.redhat-00001", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2.5" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "RHINT Service Registry 2.5.11 GA", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:a_mq_clients:2" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "A-MQ Clients 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_broker:7" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:optaplanner:::el6" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat build of OptaPlanner 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "affected", "packageName": "io.vertx/vertx-core", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" } ], "datePublic": "2024-02-06T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T21:03:29.385Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "name": "RHSA-2024:1706", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1706" }, { "name": "RHSA-2024:1923", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1923" }, { "name": "RHSA-2024:2088", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2088" }, { "name": "RHSA-2024:2833", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2833" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1300" }, { "name": "RHBZ#2263139", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni." } ], "timeline": [ { "lang": "en", "time": "2024-02-07T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Made public." } ], "title": "Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1300", "datePublished": "2024-04-02T07:33:05.215Z", "dateReserved": "2024-02-07T07:11:11.156Z", "dateUpdated": "2024-11-15T21:03:29.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }