Home > Vulnerability Database > CVE-2024-1300

Mend.io Vulnerability Database

CVE-2024-1300

Good to know:

Date: April 2, 2024

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.

Language: Java

Severity Score

5.4

Related Resources (19)

Url: https://access.redhat.com/errata/RHSA-2024:2088

Url: https://github.com/eclipse-vertx/vert.x/commit/7ad34ea9d78f85e26b231ee3ec8d492d10046479

Url: https://github.com/eclipse-vertx/vert.x

Url: https://access.redhat.com/errata/RHSA-2024:1923

Url: https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.

Url: https://access.redhat.com/security/cve/CVE-2024-1300

Url: https://access.redhat.com/errata/RHSA-2024:1706

Url: https://github.com/eclipse-vertx/vert.x/pull/5099

Url: https://access.redhat.com/errata/RHSA-2024:1662

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-1300

Url: https://access.redhat.com/errata/RHSA-2024:4884

Url: https://github.com/eclipse-vertx/vert.x/pull/5101

Url: https://github.com/eclipse-vertx/vert.x/pull/5100

Url: https://access.redhat.com/errata/RHSA-2024:3989

Url: https://access.redhat.com/errata/RHSA-2024:3527

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2263139

Url: https://github.com/eclipse-vertx/vert.x/commit/3d9235cadf44df39a70dc75bddfe0b8fcbd6a683

Url: https://access.redhat.com/errata/RHSA-2024:2833

Url: https://www.mend.io/vulnerability-database/CVE-2024-1300

Severity Score

5.4

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version io.vertx:vertx-core:4.4.8,4.5.3

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-1300

Good to know:

Date: April 2, 2024

Language: Java

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?