Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

cve-2024-1023
Back to All
CVE

CVE-2024-1023

Eclipse Vert.x memory leak

Description

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

Base CVSS

7.5

EPSS Score

2.97%

Introduced Version

4.4.5

Fix Available

4.4.7,4.5.2

Available Patches

Package
CVEs Fixed
Lines of Code Changed
Package Name
io.vertx:vertx-core
4.5.1
CVES Fixed
C
0
H
1
M
0
L
0
Code Changed
+171
-8

References

https://access.redhat.com/errata/RHSA-2024:1706
https://github.com/eclipse-vertx/vert.x/pull/5080
https://access.redhat.com/errata/RHSA-2024:3527
https://access.redhat.com/errata/RHSA-2024:4884
https://access.redhat.com/security/cve/CVE-2024-1023
https://github.com/eclipse-vertx/vert.x
https://bugzilla.redhat.com/show_bug.cgi?id=2260840
https://github.com/eclipse-vertx/vert.x/pull/5082
https://access.redhat.com/errata/RHSA-2024:2833
https://github.com/eclipse-vertx/vert.x/commit/665ceba38444e3929bb7b9a2a0bae2cb603fe81b
https://github.com/eclipse-vertx/vert.x/commit/dd6f64302b56cd4d3dcf61efaaf174b5f6ce676d
https://access.redhat.com/errata/RHSA-2024:2088
https://access.redhat.com/errata/RHSA-2024:1662
https://github.com/eclipse-vertx/vert.x/issues/5078
https://access.redhat.com/errata/RHSA-2024:3989
https://nvd.nist.gov/vuln/detail/CVE-2024-1023

AppSec for the Software Development Revolution

Endor Labs builds a complete graph of your software estate, so teams can pinpoint and fix critical risks in complex, dependency-rich code—whether it was written by humans or AI.

Welcome to the resistance
Oops! Something went wrong, please try again.
brightness-increase
moon-01