CVE-2024-1023— Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-1023
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
在移除最后引用时对内存的释放不恰当(内存泄露)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Eclipse Vert.x 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Eclipse Vert.x是Eclipse基金会的一个应用于 JVM 上用于构建响应式应用程序的工具包。 Eclipse Vert.x toolkit 存在安全漏洞,该漏洞源于使用 Netty FastThreadLocal 数据结构会导致内存泄漏,当Vert.x HTTP客户端与不同主机建立连接时可能触发内存泄漏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | CEQ 3.2 | - | cpe:/a:redhat:camel_quarkus:3 | |
| Red Hat | Cryostat 2 on RHEL 8 | 2.4.0-7 ~ * | cpe:/a:redhat:cryostat:2::el8 | |
| Red Hat | Cryostat 2 on RHEL 8 | 2.4.0-4 ~ * | cpe:/a:redhat:cryostat:2::el8 | |
| Red Hat | Cryostat 2 on RHEL 8 | 2.4.0-4 ~ * | cpe:/a:redhat:cryostat:2::el8 | |
| Red Hat | Cryostat 2 on RHEL 8 | 2.4.0-4 ~ * | cpe:/a:redhat:cryostat:2::el8 | |
| Red Hat | Cryostat 2 on RHEL 8 | 2.4.0-9 ~ * | cpe:/a:redhat:cryostat:2::el8 | |
| Red Hat | Cryostat 2 on RHEL 8 | 2.4.0-4 ~ * | cpe:/a:redhat:cryostat:2::el8 | |
| Red Hat | MTA-6.2-RHEL-9 | 6.2.3-2 ~ * | cpe:/a:redhat:migration_toolkit_applications:6.2::el8 | |
| Red Hat | Red Hat AMQ Streams 2.7.0 | - | cpe:/a:redhat:amq_streams:2 | |
| Red Hat | Red Hat build of Apache Camel 4.4.1 for Spring Boot 3.2 | - | cpe:/a:redhat:apache_camel_spring_boot:4.4::el6 | |
| Red Hat | Red Hat build of Quarkus 3.2.11.Final | 4.4.8.redhat-00001 ~ * | cpe:/a:redhat:quarkus:3.2::el8 | |
| Red Hat | RHINT Service Registry 2.5.11 GA | - | cpe:/a:redhat:service_registry:2.5 | |
| Red Hat | A-MQ Clients 2 | - | cpe:/a:redhat:a_mq_clients:2 | |
| Red Hat | Migration Toolkit for Runtimes | - | cpe:/a:redhat:migration_toolkit_runtimes:1 | |
| Red Hat | OpenShift Serverless | - | cpe:/a:redhat:serverless:1 | |
| Red Hat | Red Hat AMQ Broker 7 | - | cpe:/a:redhat:amq_broker:7 | |
| Red Hat | Red Hat build of Apache Camel for Spring Boot 3 | - | cpe:/a:redhat:camel_spring_boot:3 | |
| Red Hat | Red Hat Build of Keycloak | - | cpe:/a:redhat:build_keycloak: | |
| Red Hat | Red Hat build of OptaPlanner 8 | - | cpe:/a:redhat:optaplanner:::el6 | |
| Red Hat | Red Hat build of Quarkus | - | cpe:/a:redhat:quarkus:2 | |
| Red Hat | Red Hat Data Grid 8 | - | cpe:/a:redhat:jboss_data_grid:8 | |
| Red Hat | Red Hat Fuse 7 | - | cpe:/a:redhat:jboss_fuse:7 | |
| Red Hat | Red Hat Integration Camel K 1 | - | cpe:/a:redhat:integration:1 | |
| Red Hat | Red Hat Integration Camel Quarkus 2 | - | cpe:/a:redhat:camel_quarkus:2 | |
| Red Hat | Red Hat JBoss Data Grid 7 | - | cpe:/a:redhat:jboss_data_grid:7 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | - | cpe:/a:redhat:jboss_enterprise_application_platform:7 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | - | cpe:/a:redhat:jboss_enterprise_application_platform:8 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | - | cpe:/a:redhat:jbosseapxp | |
| Red Hat | Red Hat Process Automation 7 | - | cpe:/a:redhat:jboss_enterprise_bpms_platform:7 |
II. Public POCs for CVE-2024-1023
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-1023
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-401
- CVE-2026-43506
Prosody 安全漏洞 - CVE-2026-7379
Missing Release of Memory after Effective Lifetime in Wiresh - CVE-2026-40336
libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondar - CVE-2026-33775
Junos OS: MX Series: Mismatch between configured and receive - CVE-2026-33782
Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd mem
V. Comments for CVE-2024-1023
No comments yet