csaf_redhat - rhsa-2024

rhsa-2024_1923

Vulnerability from csaf_redhat

Published

2024-04-18 11:43

Modified

2024-09-18 08:46

Summary

Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Notes

Topic

Migration Toolkit for Runtimes 1.2.5 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Migration Toolkit for Runtimes 1.2.5 Images Security Fix(es): * vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300) * commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Migration Toolkit for Runtimes 1.2.5 release\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Runtimes 1.2.5 Images\n\nSecurity Fix(es):\n\n* vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)\n\n* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:1923",
        "url": "https://access.redhat.com/errata/RHSA-2024:1923"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2263139",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
      },
      {
        "category": "external",
        "summary": "2264989",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
      },
      {
        "category": "external",
        "summary": "WINDUPRULE-1043",
        "url": "https://issues.redhat.com/browse/WINDUPRULE-1043"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1923.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-09-18T08:46:24+00:00",
      "generator": {
        "date": "2024-09-18T08:46:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2024:1923",
      "initial_release_date": "2024-04-18T11:43:14+00:00",
      "revision_history": [
        {
          "date": "2024-04-18T11:43:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-04-18T11:43:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-18T08:46:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                "product": {
                  "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                  "product_id": "8Base-MTR-1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Runtimes"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
                  "product_id": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
                "product": {
                  "name": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
                  "product_id": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
                  "product_id": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
                "product": {
                  "name": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
                  "product_id": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
                  "product_id": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
                  "product_id": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
                "product": {
                  "name": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
                  "product_id": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64"
        },
        "product_reference": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le"
        },
        "product_reference": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x"
        },
        "product_reference": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-1300",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-02-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2263139"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This affects only TLS servers with SNI enabled.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "RHBZ#2263139",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300"
        },
        {
          "category": "external",
          "summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.",
          "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
        }
      ],
      "release_date": "2024-02-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1923"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support"
    },
    {
      "cve": "CVE-2024-26308",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2024-02-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2264989"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-compress: OutOfMemoryError unpacking broken Pack200 file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-26308"
        },
        {
          "category": "external",
          "summary": "RHBZ#2264989",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg",
          "url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2024/02/19/2",
          "url": "https://www.openwall.com/lists/oss-security/2024/02/19/2"
        }
      ],
      "release_date": "2024-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:1923"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available for this vulnerability.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "commons-compress: OutOfMemoryError unpacking broken Pack200 file"
    }
  ]
}

cve-2024-1300

Vulnerability from cvelistv5

Published

2024-04-02 07:33

Modified

2024-09-18 08:35

Severity

5.4 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Summary

Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support

References

URL	Tags
https://access.redhat.com/errata/RHSA-2024:1662	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1706	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1923	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2088	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2833	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3527	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3989	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4884	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-1300	vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2263139	issue-tracking, x_refsource_REDHAT
https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.

Impacted products

Vendor	Product
Red Hat	CEQ 3.2
Red Hat	Cryostat 2 on RHEL 8
Red Hat	Cryostat 2 on RHEL 8
Red Hat	Cryostat 2 on RHEL 8
Red Hat	Cryostat 2 on RHEL 8
Red Hat	Cryostat 2 on RHEL 8
Red Hat	Cryostat 2 on RHEL 8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat	MTA-6.2-RHEL-9
Red Hat	Red Hat AMQ Streams 2.7.0
Red Hat	Red Hat build of Apache Camel 4.4.1 for Spring Boot
Red Hat	Red Hat build of Quarkus 3.2.11.Final
Red Hat	RHINT Service Registry 2.5.11 GA
Red Hat	A-MQ Clients 2
Red Hat	OpenShift Serverless
Red Hat	Red Hat build of Apache Camel for Spring Boot
Red Hat	Red Hat Build of Keycloak
Red Hat	Red Hat build of OptaPlanner 8
Red Hat	Red Hat build of Quarkus
Red Hat	Red Hat Data Grid 8
Red Hat	Red Hat Integration Camel K
Red Hat	Red Hat Integration Camel Quarkus
Red Hat	Red Hat JBoss A-MQ 7
Red Hat	Red Hat JBoss Data Grid 7
Red Hat	Red Hat JBoss Enterprise Application Platform 7
Red Hat	Red Hat JBoss Enterprise Application Platform 8
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat	Red Hat JBoss Fuse 7
Red Hat	Red Hat Process Automation 7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1300",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-02T15:16:36.592165Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T19:53:23.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:33:25.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1662",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1662"
          },
          {
            "name": "RHSA-2024:1706",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1706"
          },
          {
            "name": "RHSA-2024:1923",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1923"
          },
          {
            "name": "RHSA-2024:2088",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2088"
          },
          {
            "name": "RHSA-2024:2833",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2833"
          },
          {
            "name": "RHSA-2024:3527",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3527"
          },
          {
            "name": "RHSA-2024:3989",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3989"
          },
          {
            "name": "RHSA-2024:4884",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4884"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-1300"
          },
          {
            "name": "RHBZ#2263139",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_quarkus:3"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "CEQ 3.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cryostat:2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8",
          "product": "Cryostat 2 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.4.0-7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cryostat:2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cryostat-tech-preview/cryostat-operator-bundle",
          "product": "Cryostat 2 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.4.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cryostat:2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cryostat-tech-preview/cryostat-reports-rhel8",
          "product": "Cryostat 2 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.4.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cryostat:2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cryostat-tech-preview/cryostat-rhel8",
          "product": "Cryostat 2 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.4.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cryostat:2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cryostat-tech-preview/cryostat-rhel8-operator",
          "product": "Cryostat 2 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.4.0-9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:cryostat:2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "cryostat-tech-preview/jfr-datasource-rhel8",
          "product": "Cryostat 2 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.4.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-operator-bundle",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-rhel8-operator",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-web-container-rhel8",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-web-executor-container-rhel8",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_applications:6.2::el9",
            "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mta/mta-windup-addon-rhel9",
          "product": "MTA-6.2-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "6.2.3-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_streams:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "Red Hat AMQ Streams 2.7.0",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_spring_boot:4.4.1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:3.2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "io.vertx/vertx-core",
          "product": "Red Hat build of Quarkus 3.2.11.Final",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "4.4.8.redhat-00001",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_registry:2.5"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "RHINT Service Registry 2.5.11 GA",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:a_mq_clients:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "A-MQ Clients 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:serverless:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "OpenShift Serverless",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_spring_boot:3"
          ],
          "defaultStatus": "affected",
          "packageName": "vertx-core",
          "product": "Red Hat build of Apache Camel for Spring Boot",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "vertx-core",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:optaplanner:::el6"
          ],
          "defaultStatus": "affected",
          "packageName": "vertx-core",
          "product": "Red Hat build of OptaPlanner 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:2"
          ],
          "defaultStatus": "affected",
          "packageName": "io.vertx/vertx-core",
          "product": "Red Hat build of Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:integration:1"
          ],
          "defaultStatus": "affected",
          "packageName": "vertx-core",
          "product": "Red Hat Integration Camel K",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_quarkus:2"
          ],
          "defaultStatus": "affected",
          "packageName": "vertx-core",
          "product": "Red Hat Integration Camel Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "Red Hat JBoss A-MQ 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "affected",
          "packageName": "vertx-core",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "vertx-core",
          "product": "Red Hat JBoss Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "vertx-core",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-02-06T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T08:35:47.355Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1662",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1662"
        },
        {
          "name": "RHSA-2024:1706",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1706"
        },
        {
          "name": "RHSA-2024:1923",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1923"
        },
        {
          "name": "RHSA-2024:2088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2088"
        },
        {
          "name": "RHSA-2024:2833",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2833"
        },
        {
          "name": "RHSA-2024:3527",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "name": "RHSA-2024:3989",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "name": "RHSA-2024:4884",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4884"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-1300"
        },
        {
          "name": "RHBZ#2263139",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
        },
        {
          "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-07T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-02-06T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-1300",
    "datePublished": "2024-04-02T07:33:05.215Z",
    "dateReserved": "2024-02-07T07:11:11.156Z",
    "dateUpdated": "2024-09-18T08:35:47.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26308

Vulnerability from cvelistv5

Published

2024-02-19 08:31

Modified

2024-08-02 00:07

Severity

Summary

Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

References

URL	Tags
https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg	vendor-advisory
http://www.openwall.com/lists/oss-security/2024/02/19/2
https://security.netapp.com/advisory/ntap-20240307-0009/

Impacted products

Vendor	Product
Apache Software Foundation	Apache Commons Compress

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26308",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T17:49:36.910764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:56.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/19/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240307-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-compress",
          "product": "Apache Commons Compress",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.26.0",
              "status": "affected",
              "version": "1.21",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yakov Shafranovich, Amazon Web Services"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.\u003cp\u003eThis issue affects Apache Commons Compress: from 1.21 before 1.26.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.26, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.\n\nUsers are recommended to upgrade to version 1.26, which fixes the issue.\n\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-19T08:31:50.192Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/02/19/2"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240307-0009/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-26308",
    "datePublished": "2024-02-19T08:31:50.192Z",
    "dateReserved": "2024-02-17T22:08:44.423Z",
    "dateUpdated": "2024-08-02T00:07:19.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2024_1923

Vulnerability from csaf_redhat

cve-2024-1300

Vulnerability from cvelistv5

cve-2024-26308

Vulnerability from cvelistv5

Tags