Medium severity (6.5) · GHSA Advisory · Published Mar 27, 2024 · Updated Apr 15, 2026
CVE-2024-1023
Description
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to the use of Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server that accepts arbitrary internet addresses and connects to them could serve as an attack vector, thereby accelerating the memory leak.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.vertx:vertx-core (Maven) | >= 4.5.0, < 4.5.2 | 4.5.2 |
| io.vertx:vertx-core (Maven) | >= 4.4.5, < 4.4.7 | 4.4.7 |
References
- github.com/advisories/GHSA-5667-3wch-7q7w [GHSA, advisory]
- nvd.nist.gov/vuln/detail/CVE-2024-1023 [GHSA, advisory]
- access.redhat.com/errata/RHSA-2024:1662 [NVD, web]
- access.redhat.com/errata/RHSA-2024:1706 [NVD, web]
- access.redhat.com/errata/RHSA-2024:2088 [NVD, web]
- access.redhat.com/errata/RHSA-2024:2833 [NVD, web]
- access.redhat.com/errata/RHSA-2024:3527 [NVD, web]
- access.redhat.com/errata/RHSA-2024:3989 [NVD, web]
- access.redhat.com/errata/RHSA-2024:4884 [NVD, web]
- access.redhat.com/security/cve/CVE-2024-1023 [NVD, web]
- bugzilla.redhat.com/show_bug.cgi [NVD, web]
- github.com/eclipse-vertx/vert.x/commit/665ceba38444e3929bb7b9a2a0bae2cb603fe81b [GHSA, web]
- github.com/eclipse-vertx/vert.x/commit/dd6f64302b56cd4d3dcf61efaaf174b5f6ce676d [GHSA, web]
- github.com/eclipse-vertx/vert.x/issues/5078 [NVD, web]
- github.com/eclipse-vertx/vert.x/pull/5080 [NVD, web]
- github.com/eclipse-vertx/vert.x/pull/5082 [NVD, web]