A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When the server processes an unknown SNI server name, which is assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.
History
Mon, 25 Nov 2024 05:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-400 |
Fri, 22 Nov 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-1392 CWE-401 |
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Wed, 18 Sep 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:build_keycloak: |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-02T07:33:05.215Z
Updated: 2024-11-25T02:45:39.468Z
Reserved: 2024-02-07T07:11:11.156Z
Link: CVE-2024-1300
Vulnrichment
Updated: 2024-08-01T18:33:25.527Z
NVD
Status: Awaiting Analysis
Published: 2024-04-02T08:15:53.993
Modified: 2024-11-25T03:15:10.053
Link: CVE-2024-1300