CVE-2024-1300 - Vulnerability Details

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	A Mq Clients Amq Broker Amq Streams Apache Camel Spring Boot Build Keycloak Camel Quarkus Camel Spring Boot Cryostat Integration Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Bpms Platform Jboss Fuse Jbosseapxp Migration Toolkit Applications Migration Toolkit Runtimes Optaplanner Quarkus Serverless Service Registry

No data.

Package	CPE	Advisory	Released Date
CEQ 3.2
vertx-core	cpe:/a:redhat:camel_quarkus:3	RHSA-2024:1706	2024-04-09T00:00:00Z
Cryostat 2 on RHEL 8
cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:2.4.0-7	cpe:/a:redhat:cryostat:2::el8	RHSA-2024:2088	2024-04-29T00:00:00Z
cryostat-tech-preview/cryostat-operator-bundle:2.4.0-4	cpe:/a:redhat:cryostat:2::el8	RHSA-2024:2088	2024-04-29T00:00:00Z
cryostat-tech-preview/cryostat-reports-rhel8:2.4.0-4	cpe:/a:redhat:cryostat:2::el8	RHSA-2024:2088	2024-04-29T00:00:00Z
cryostat-tech-preview/cryostat-rhel8:2.4.0-4	cpe:/a:redhat:cryostat:2::el8	RHSA-2024:2088	2024-04-29T00:00:00Z
cryostat-tech-preview/cryostat-rhel8-operator:2.4.0-9	cpe:/a:redhat:cryostat:2::el8	RHSA-2024:2088	2024-04-29T00:00:00Z
cryostat-tech-preview/jfr-datasource-rhel8:2.4.0-4	cpe:/a:redhat:cryostat:2::el8	RHSA-2024:2088	2024-04-29T00:00:00Z
Migration Toolkit for Runtimes 1 on RHEL 8
mtr/mtr-operator-bundle:1.2-18	cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8	RHSA-2024:1923	2024-04-18T00:00:00Z
mtr/mtr-rhel8-operator:1.2-11	cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8	RHSA-2024:1923	2024-04-18T00:00:00Z
mtr/mtr-web-container-rhel8:1.2-12	cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8	RHSA-2024:1923	2024-04-18T00:00:00Z
mtr/mtr-web-executor-container-rhel8:1.2-10	cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8	RHSA-2024:1923	2024-04-18T00:00:00Z
MTA-6.2-RHEL-9
mta/mta-windup-addon-rhel9:6.2.3-2	cpe:/a:redhat:migration_toolkit_applications:6.2::el9	RHSA-2024:3989	2024-06-20T00:00:00Z
Red Hat AMQ Streams 2.7.0
vertx-core	cpe:/a:redhat:amq_streams:2	RHSA-2024:3527	2024-05-30T00:00:00Z
Red Hat build of Apache Camel 4.4.1 for Spring Boot
vertx-core	cpe:/a:redhat:apache_camel_spring_boot:4.4.1	RHSA-2024:4884	2024-07-25T00:00:00Z
Red Hat build of Quarkus 3.2.11.Final
io.vertx/vertx-core:4.4.8.redhat-00001	cpe:/a:redhat:quarkus:3.2::el8	RHSA-2024:1662	2024-04-03T00:00:00Z
RHINT Service Registry 2.5.11 GA
vertx-core	cpe:/a:redhat:service_registry:2.5	RHSA-2024:2833	2024-05-14T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:1662
https://access.redhat.com/errata/RHSA-2024:1706
https://access.redhat.com/errata/RHSA-2024:1923
https://access.redhat.com/errata/RHSA-2024:2088
https://access.redhat.com/errata/RHSA-2024:2833
https://access.redhat.com/errata/RHSA-2024:3527
https://access.redhat.com/errata/RHSA-2024:3989
https://access.redhat.com/errata/RHSA-2024:4884
https://access.redhat.com/security/cve/CVE-2024-1300
https://bugzilla.redhat.com/show_bug.cgi?id=2263139
https://nvd.nist.gov/vuln/detail/CVE-2024-1300
https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
https://www.cve.org/CVERecord?id=CVE-2024-1300

History

Mon, 25 Nov 2024 05:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400

Fri, 22 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1392 CWE-401

Thu, 19 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Sep 2024 08:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:build_keycloak:22~~	cpe:/a:redhat:build_keycloak:

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-02T07:33:05.215Z

Updated: 2025-02-27T03:22:18.712Z

Reserved: 2024-02-07T07:11:11.156Z

Link: CVE-2024-1300

Vulnrichment

Updated: 2024-08-01T18:33:25.527Z

NVD

Status : Awaiting Analysis

Published: 2024-04-02T08:15:53.993

Modified: 2024-11-25T03:15:10.053

Link: CVE-2024-1300

Redhat

Severity : Moderate

Publid Date: 2024-02-06T00:00:00Z

Links: CVE-2024-1300 - Bugzilla

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1300", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-02-07T07:11:11.156Z", "datePublished": "2024-04-02T07:33:05.215Z", "dateUpdated": "2025-02-27T03:22:18.712Z"}, "containers": {"cna": {"title": "Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error."}], "affected": [{"versions": [{"status": "affected", "version": "4.3.4", "versionType": "semver", "lessThanOrEqual": "4.5.2"}], "packageName": "io.vertx:vertx-core", "collectionURL": "https://vertx.io/docs/vertx-core/java/", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "CEQ 3.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "vertx-core", "cpes": ["cpe:/a:redhat:camel_quarkus:3"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.4.0-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "2.4.0-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-reports-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.4.0-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.4.0-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "2.4.0-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "cryostat-tech-preview/jfr-datasource-rhel8", "defaultStatus": "affected", "versions": [{"version": "2.4.0-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:cryostat:2::el8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mtr/mtr-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "1.2-18", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mtr/mtr-rhel8-operator", "defaultStatus": "affected", "versions": [{"version": "1.2-11", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mtr/mtr-web-container-rhel8", "defaultStatus": "affected", "versions": [{"version": "1.2-12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mtr/mtr-web-executor-container-rhel8", "defaultStatus": "affected", "versions": [{"version": "1.2-10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"]}, {"vendor": "Red Hat", "product": "MTA-6.2-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "mta/mta-windup-addon-rhel9", "defaultStatus": "affected", "versions": [{"version": "6.2.3-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat AMQ Streams 2.7.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "vertx-core", "cpes": ["cpe:/a:redhat:amq_streams:2"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "vertx-core", "cpes": ["cpe:/a:redhat:apache_camel_spring_boot:4.4.1"]}, {"vendor": "Red Hat", "product": "Red Hat build of Quarkus 3.2.11.Final", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "io.vertx/vertx-core", "defaultStatus": "affected", "versions": [{"version": "4.4.8.redhat-00001", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:quarkus:3.2::el8"]}, {"vendor": "Red Hat", "product": "RHINT Service Registry 2.5.11 GA", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "vertx-core", "cpes": ["cpe:/a:redhat:service_registry:2.5"]}, {"vendor": "Red Hat", "product": "A-MQ Clients 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:a_mq_clients:2"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "Red Hat AMQ Broker 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:amq_broker:7"]}, {"vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:camel_spring_boot:3"]}, {"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:build_keycloak:"]}, {"vendor": "Red Hat", "product": "Red Hat build of OptaPlanner 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:optaplanner:::el6"]}, {"vendor": "Red Hat", "product": "Red Hat build of Quarkus", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "io.vertx/vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:quarkus:2"]}, {"vendor": "Red Hat", "product": "Red Hat Data Grid 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_data_grid:8"]}, {"vendor": "Red Hat", "product": "Red Hat Fuse 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_fuse:7"]}, {"vendor": "Red Hat", "product": "Red Hat Integration Camel K", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:integration:1"]}, {"vendor": "Red Hat", "product": "Red Hat Integration Camel Quarkus", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:camel_quarkus:2"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_data_grid:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "vertx-core", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:jbosseapxp"]}, {"vendor": "Red Hat", "product": "Red Hat Process Automation 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "vertx-core", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1662", "name": "RHSA-2024:1662", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1706", "name": "RHSA-2024:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1923", "name": "RHSA-2024:1923", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2088", "name": "RHSA-2024:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2833", "name": "RHSA-2024:2833", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3527", "name": "RHSA-2024:3527", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3989", "name": "RHSA-2024:3989", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4884", "name": "RHSA-2024:4884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1300", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139", "name": "RHBZ#2263139", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."}], "datePublic": "2024-02-06T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1392->CWE-401: Use of Default Credentials leads to Missing Release of Memory after Effective Lifetime", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-02-07T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-27T03:22:18.712Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-02T15:16:36.592165Z", "id": "CVE-2024-1300", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:53:23.394Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1662", "name": "RHSA-2024:1662", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1706", "name": "RHSA-2024:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1923", "name": "RHSA-2024:1923", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2088", "name": "RHSA-2024:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2833", "name": "RHSA-2024:2833", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3527", "name": "RHSA-2024:3527", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3989", "name": "RHSA-2024:3989", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4884", "name": "RHSA-2024:4884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1300", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139", "name": "RHBZ#2263139", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-1300 (string)

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

state : PUBLISHED (string)

assignerShortName : redhat (string)

dateReserved : 2024-02-07T07:11:11.156Z (string)

datePublished : 2024-04-02T07:33:05.215Z (string)

dateUpdated : 2025-02-27T03:22:18.712Z (string)

}

containers : { »

cna : { »

title : Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support (string)

metrics : [ »

0 : { »

other : { »

content : { »

value : Moderate (string)

namespace : https://access.redhat.com/security/updates/classification/ (string)

}

type : Red Hat severity rating (string)

}

1 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (string)

version : 3.1 (string)

}

format : CVSS (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error. (string)

}

]

affected : [ »

0 : { »

versions : [ »

0 : { »

status : affected (string)

version : 4.3.4 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.2 (string)

}

]

packageName : io.vertx:vertx-core (string)

collectionURL : https://vertx.io/docs/vertx-core/java/ (string)

defaultStatus : unaffected (string)

}

1 : { »

vendor : Red Hat (string)

product : CEQ 3.2 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

packageName : vertx-core (string)

cpes : [ »

0 : cpe:/a:redhat:camel_quarkus:3 (string)

]

}

2 : { »

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : cryostat-tech-preview/cryostat-grafana-dashboard-rhel8 (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 2.4.0-7 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

}

3 : { »

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : cryostat-tech-preview/cryostat-operator-bundle (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 2.4.0-4 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

}

4 : { »

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : cryostat-tech-preview/cryostat-reports-rhel8 (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 2.4.0-4 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

}

5 : { »

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : cryostat-tech-preview/cryostat-rhel8 (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 2.4.0-4 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

}

6 : { »

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : cryostat-tech-preview/cryostat-rhel8-operator (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 2.4.0-9 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

}

7 : { »

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : cryostat-tech-preview/jfr-datasource-rhel8 (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 2.4.0-4 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

}

8 : { »

vendor : Red Hat (string)

product : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : mtr/mtr-operator-bundle (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 1.2-18 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

]

}

9 : { »

vendor : Red Hat (string)

product : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : mtr/mtr-rhel8-operator (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 1.2-11 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

]

}

10 : { »

vendor : Red Hat (string)

product : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : mtr/mtr-web-container-rhel8 (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 1.2-12 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

]

}

11 : { »

vendor : Red Hat (string)

product : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : mtr/mtr-web-executor-container-rhel8 (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 1.2-10 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

]

}

12 : { »

vendor : Red Hat (string)

product : MTA-6.2-RHEL-9 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : mta/mta-windup-addon-rhel9 (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 6.2.3-2 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_applications:6.2::el9 (string)

1 : cpe:/a:redhat:migration_toolkit_applications:6.2::el8 (string)

]

}

13 : { »

vendor : Red Hat (string)

product : Red Hat AMQ Streams 2.7.0 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

packageName : vertx-core (string)

cpes : [ »

0 : cpe:/a:redhat:amq_streams:2 (string)

]

}

14 : { »

vendor : Red Hat (string)

product : Red Hat build of Apache Camel 4.4.1 for Spring Boot (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

packageName : vertx-core (string)

cpes : [ »

0 : cpe:/a:redhat:apache_camel_spring_boot:4.4.1 (string)

]

}

15 : { »

vendor : Red Hat (string)

product : Red Hat build of Quarkus 3.2.11.Final (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : io.vertx/vertx-core (string)

defaultStatus : affected (string)

versions : [ »

0 : { »

version : 4.4.8.redhat-00001 (string)

lessThan : * (string)

versionType : rpm (string)

status : unaffected (string)

}

]

cpes : [ »

0 : cpe:/a:redhat:quarkus:3.2::el8 (string)

]

}

16 : { »

vendor : Red Hat (string)

product : RHINT Service Registry 2.5.11 GA (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

packageName : vertx-core (string)

cpes : [ »

0 : cpe:/a:redhat:service_registry:2.5 (string)

]

}

17 : { »

vendor : Red Hat (string)

product : A-MQ Clients 2 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : unaffected (string)

cpes : [ »

0 : cpe:/a:redhat:a_mq_clients:2 (string)

]

}

18 : { »

vendor : Red Hat (string)

product : OpenShift Serverless (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : unaffected (string)

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

}

19 : { »

vendor : Red Hat (string)

product : Red Hat AMQ Broker 7 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : unaffected (string)

cpes : [ »

0 : cpe:/a:redhat:amq_broker:7 (string)

]

}

20 : { »

vendor : Red Hat (string)

product : Red Hat build of Apache Camel for Spring Boot 3 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:camel_spring_boot:3 (string)

]

}

21 : { »

vendor : Red Hat (string)

product : Red Hat Build of Keycloak (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:build_keycloak: (string)

]

}

22 : { »

vendor : Red Hat (string)

product : Red Hat build of OptaPlanner 8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:optaplanner:::el6 (string)

]

}

23 : { »

vendor : Red Hat (string)

product : Red Hat build of Quarkus (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : io.vertx/vertx-core (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:quarkus:2 (string)

]

}

24 : { »

vendor : Red Hat (string)

product : Red Hat Data Grid 8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : unaffected (string)

cpes : [ »

0 : cpe:/a:redhat:jboss_data_grid:8 (string)

]

}

25 : { »

vendor : Red Hat (string)

product : Red Hat Fuse 7 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : unaffected (string)

cpes : [ »

0 : cpe:/a:redhat:jboss_fuse:7 (string)

]

}

26 : { »

vendor : Red Hat (string)

product : Red Hat Integration Camel K (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:integration:1 (string)

]

}

27 : { »

vendor : Red Hat (string)

product : Red Hat Integration Camel Quarkus (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:camel_quarkus:2 (string)

]

}

28 : { »

vendor : Red Hat (string)

product : Red Hat JBoss Data Grid 7 (string)

collectionURL : https://access.redhat.com/jbossnetwork/restricted/listSoftware.html (string)

packageName : vertx-core (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:jboss_data_grid:7 (string)

]

}

29 : { »

vendor : Red Hat (string)

product : Red Hat JBoss Enterprise Application Platform 7 (string)

collectionURL : https://access.redhat.com/jbossnetwork/restricted/listSoftware.html (string)

packageName : vertx-core (string)

defaultStatus : unaffected (string)

cpes : [ »

0 : cpe:/a:redhat:jboss_enterprise_application_platform:7 (string)

]

}

30 : { »

vendor : Red Hat (string)

product : Red Hat JBoss Enterprise Application Platform 8 (string)

collectionURL : https://access.redhat.com/jbossnetwork/restricted/listSoftware.html (string)

packageName : vertx-core (string)

defaultStatus : unaffected (string)

cpes : [ »

0 : cpe:/a:redhat:jboss_enterprise_application_platform:8 (string)

]

}

31 : { »

vendor : Red Hat (string)

product : Red Hat JBoss Enterprise Application Platform Expansion Pack (string)

collectionURL : https://access.redhat.com/jbossnetwork/restricted/listSoftware.html (string)

packageName : vertx-core (string)

defaultStatus : unaffected (string)

cpes : [ »

0 : cpe:/a:redhat:jbosseapxp (string)

]

}

32 : { »

vendor : Red Hat (string)

product : Red Hat Process Automation 7 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : vertx-core (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:jboss_enterprise_bpms_platform:7 (string)

]

}

]

references : [ »

0 : { »

url : https://access.redhat.com/errata/RHSA-2024:1662 (string)

name : RHSA-2024:1662 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

1 : { »

url : https://access.redhat.com/errata/RHSA-2024:1706 (string)

name : RHSA-2024:1706 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

2 : { »

url : https://access.redhat.com/errata/RHSA-2024:1923 (string)

name : RHSA-2024:1923 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

3 : { »

url : https://access.redhat.com/errata/RHSA-2024:2088 (string)

name : RHSA-2024:2088 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

4 : { »

url : https://access.redhat.com/errata/RHSA-2024:2833 (string)

name : RHSA-2024:2833 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

5 : { »

url : https://access.redhat.com/errata/RHSA-2024:3527 (string)

name : RHSA-2024:3527 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

6 : { »

url : https://access.redhat.com/errata/RHSA-2024:3989 (string)

name : RHSA-2024:3989 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

7 : { »

url : https://access.redhat.com/errata/RHSA-2024:4884 (string)

name : RHSA-2024:4884 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

8 : { »

url : https://access.redhat.com/security/cve/CVE-2024-1300 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_REDHAT (string)

]

}

9 : { »

url : https://bugzilla.redhat.com/show_bug.cgi?id=2263139 (string)

name : RHBZ#2263139 (string)

tags : [ »

0 : issue-tracking (string)

1 : x_refsource_REDHAT (string)

]

}

10 : { »

url : https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni. (string)

}

]

datePublic : 2024-02-06T00:00:00.000Z (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-401 (string)

description : Missing Release of Memory after Effective Lifetime (string)

lang : en (string)

type : CWE (string)

}

]

}

]

x_redhatCweChain : CWE-1392->CWE-401: Use of Default Credentials leads to Missing Release of Memory after Effective Lifetime (string)

workarounds : [ »

0 : { »

lang : en (string)

value : Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. (string)

}

]

timeline : [ »

0 : { »

lang : en (string)

time : 2024-02-07T00:00:00+00:00 (string)

value : Reported to Red Hat. (string)

}

1 : { »

lang : en (string)

time : 2024-02-06T00:00:00+00:00 (string)

value : Made public. (string)

}

]

providerMetadata : { »

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

dateUpdated : 2025-02-27T03:22:18.712Z (string)

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-04-02T15:16:36.592165Z (string)

id : CVE-2024-1300 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-20T19:53:23.394Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-01T18:33:25.527Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://access.redhat.com/errata/RHSA-2024:1662 (string)

name : RHSA-2024:1662 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

1 : { »

url : https://access.redhat.com/errata/RHSA-2024:1706 (string)

name : RHSA-2024:1706 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

2 : { »

url : https://access.redhat.com/errata/RHSA-2024:1923 (string)

name : RHSA-2024:1923 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

3 : { »

url : https://access.redhat.com/errata/RHSA-2024:2088 (string)

name : RHSA-2024:2088 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

4 : { »

url : https://access.redhat.com/errata/RHSA-2024:2833 (string)

name : RHSA-2024:2833 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

5 : { »

url : https://access.redhat.com/errata/RHSA-2024:3527 (string)

name : RHSA-2024:3527 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

6 : { »

url : https://access.redhat.com/errata/RHSA-2024:3989 (string)

name : RHSA-2024:3989 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

7 : { »

url : https://access.redhat.com/errata/RHSA-2024:4884 (string)

name : RHSA-2024:4884 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

8 : { »

url : https://access.redhat.com/security/cve/CVE-2024-1300 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

9 : { »

url : https://bugzilla.redhat.com/show_bug.cgi?id=2263139 (string)

name : RHBZ#2263139 (string)

tags : [ »

0 : issue-tracking (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

10 : { »

url : https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni. (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1662", "name": "RHSA-2024:1662", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1706", "name": "RHSA-2024:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1923", "name": "RHSA-2024:1923", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2088", "name": "RHSA-2024:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2833", "name": "RHSA-2024:2833", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3527", "name": "RHSA-2024:3527", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3989", "name": "RHSA-2024:3989", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4884", "name": "RHSA-2024:4884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1300", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139", "name": "RHBZ#2263139", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.527Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1300", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-02T15:16:36.592165Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:53:20.714Z"}}], "cna": {"title": "Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"versions": [{"status": "affected", "version": "4.3.4", "versionType": "semver", "lessThanOrEqual": "4.5.2"}], "packageName": "io.vertx:vertx-core", "collectionURL": "https://vertx.io/docs/vertx-core/java/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:camel_quarkus:3"], "vendor": "Red Hat", "product": "CEQ 3.2", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-7", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-reports-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:2::el8"], "vendor": "Red Hat", "product": "Cryostat 2 on RHEL 8", "versions": [{"status": "unaffected", "version": "2.4.0-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "cryostat-tech-preview/jfr-datasource-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"], "vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "versions": [{"status": "unaffected", "version": "1.2-18", "lessThan": "*", "versionType": "rpm"}], "packageName": "mtr/mtr-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"], "vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "versions": [{"status": "unaffected", "version": "1.2-11", "lessThan": "*", "versionType": "rpm"}], "packageName": "mtr/mtr-rhel8-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"], "vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "versions": [{"status": "unaffected", "version": "1.2-12", "lessThan": "*", "versionType": "rpm"}], "packageName": "mtr/mtr-web-container-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"], "vendor": "Red Hat", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "versions": [{"status": "unaffected", "version": "1.2-10", "lessThan": "*", "versionType": "rpm"}], "packageName": "mtr/mtr-web-executor-container-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"], "vendor": "Red Hat", "product": "MTA-6.2-RHEL-9", "versions": [{"status": "unaffected", "version": "6.2.3-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "mta/mta-windup-addon-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:amq_streams:2"], "vendor": "Red Hat", "product": "Red Hat AMQ Streams 2.7.0", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:apache_camel_spring_boot:4.4.1"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:quarkus:3.2::el8"], "vendor": "Red Hat", "product": "Red Hat build of Quarkus 3.2.11.Final", "versions": [{"status": "unaffected", "version": "4.4.8.redhat-00001", "lessThan": "*", "versionType": "rpm"}], "packageName": "io.vertx/vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_registry:2.5"], "vendor": "Red Hat", "product": "RHINT Service Registry 2.5.11 GA", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:a_mq_clients:2"], "vendor": "Red Hat", "product": "A-MQ Clients 2", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:amq_broker:7"], "vendor": "Red Hat", "product": "Red Hat AMQ Broker 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:camel_spring_boot:3"], "vendor": "Red Hat", "product": "Red Hat build of Apache Camel for Spring Boot 3", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:"], "vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:optaplanner:::el6"], "vendor": "Red Hat", "product": "Red Hat build of OptaPlanner 8", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:quarkus:2"], "vendor": "Red Hat", "product": "Red Hat build of Quarkus", "packageName": "io.vertx/vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_fuse:7"], "vendor": "Red Hat", "product": "Red Hat Fuse 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:integration:1"], "vendor": "Red Hat", "product": "Red Hat Integration Camel K", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:camel_quarkus:2"], "vendor": "Red Hat", "product": "Red Hat Integration Camel Quarkus", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_application_platform:8"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform 8", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jbosseapxp"], "vendor": "Red Hat", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"], "vendor": "Red Hat", "product": "Red Hat Process Automation 7", "packageName": "vertx-core", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-02-07T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-02-06T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1662", "name": "RHSA-2024:1662", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1706", "name": "RHSA-2024:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1923", "name": "RHSA-2024:1923", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2088", "name": "RHSA-2024:2088", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2833", "name": "RHSA-2024:2833", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3527", "name": "RHSA-2024:3527", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3989", "name": "RHSA-2024:3989", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4884", "name": "RHSA-2024:4884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-1300", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139", "name": "RHBZ#2263139", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-25T02:45:39.468Z"}, "x_redhatCweChain": "CWE-1392->CWE-401: Use of Default Credentials leads to Missing Release of Memory after Effective Lifetime"}}, "cveMetadata": {"cveId": "CVE-2024-1300", "state": "PUBLISHED", "dateUpdated": "2024-11-25T02:45:39.468Z", "dateReserved": "2024-02-07T07:11:11.156Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-04-02T07:33:05.215Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://access.redhat.com/errata/RHSA-2024:1662 (string)

name : RHSA-2024:1662 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

1 : { »

url : https://access.redhat.com/errata/RHSA-2024:1706 (string)

name : RHSA-2024:1706 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

2 : { »

url : https://access.redhat.com/errata/RHSA-2024:1923 (string)

name : RHSA-2024:1923 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

3 : { »

url : https://access.redhat.com/errata/RHSA-2024:2088 (string)

name : RHSA-2024:2088 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

4 : { »

url : https://access.redhat.com/errata/RHSA-2024:2833 (string)

name : RHSA-2024:2833 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

5 : { »

url : https://access.redhat.com/errata/RHSA-2024:3527 (string)

name : RHSA-2024:3527 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

6 : { »

url : https://access.redhat.com/errata/RHSA-2024:3989 (string)

name : RHSA-2024:3989 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

7 : { »

url : https://access.redhat.com/errata/RHSA-2024:4884 (string)

name : RHSA-2024:4884 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

8 : { »

url : https://access.redhat.com/security/cve/CVE-2024-1300 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

9 : { »

url : https://bugzilla.redhat.com/show_bug.cgi?id=2263139 (string)

name : RHBZ#2263139 (string)

tags : [ »

0 : issue-tracking (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

}

10 : { »

url : https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni. (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-01T18:33:25.527Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-1300 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-04-02T15:16:36.592165Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-20T19:53:20.714Z (string)

}

]

cna : { »

title : Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support (string)

metrics : [ »

0 : { »

other : { »

type : Red Hat severity rating (string)

content : { »

value : Moderate (string)

namespace : https://access.redhat.com/security/updates/classification/ (string)

}

1 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 5.4 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : LOW (string)

privilegesRequired : LOW (string)

confidentialityImpact : LOW (string)

}

]

affected : [ »

0 : { »

versions : [ »

0 : { »

status : affected (string)

version : 4.3.4 (string)

versionType : semver (string)

lessThanOrEqual : 4.5.2 (string)

}

]

packageName : io.vertx:vertx-core (string)

collectionURL : https://vertx.io/docs/vertx-core/java/ (string)

defaultStatus : unaffected (string)

}

1 : { »

cpes : [ »

0 : cpe:/a:redhat:camel_quarkus:3 (string)

]

vendor : Red Hat (string)

product : CEQ 3.2 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

}

2 : { »

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 2.4.0-7 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : cryostat-tech-preview/cryostat-grafana-dashboard-rhel8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

3 : { »

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 2.4.0-4 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : cryostat-tech-preview/cryostat-operator-bundle (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

4 : { »

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 2.4.0-4 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : cryostat-tech-preview/cryostat-reports-rhel8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

5 : { »

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 2.4.0-4 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : cryostat-tech-preview/cryostat-rhel8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

6 : { »

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 2.4.0-9 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : cryostat-tech-preview/cryostat-rhel8-operator (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

7 : { »

cpes : [ »

0 : cpe:/a:redhat:cryostat:2::el8 (string)

]

vendor : Red Hat (string)

product : Cryostat 2 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 2.4.0-4 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : cryostat-tech-preview/jfr-datasource-rhel8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

8 : { »

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

]

vendor : Red Hat (string)

product : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 1.2-18 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : mtr/mtr-operator-bundle (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

9 : { »

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

]

vendor : Red Hat (string)

product : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 1.2-11 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : mtr/mtr-rhel8-operator (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

10 : { »

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

]

vendor : Red Hat (string)

product : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 1.2-12 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : mtr/mtr-web-container-rhel8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

11 : { »

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

]

vendor : Red Hat (string)

product : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 1.2-10 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : mtr/mtr-web-executor-container-rhel8 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

12 : { »

cpes : [ »

0 : cpe:/a:redhat:migration_toolkit_applications:6.2::el9 (string)

1 : cpe:/a:redhat:migration_toolkit_applications:6.2::el8 (string)

]

vendor : Red Hat (string)

product : MTA-6.2-RHEL-9 (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 6.2.3-2 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : mta/mta-windup-addon-rhel9 (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

13 : { »

cpes : [ »

0 : cpe:/a:redhat:amq_streams:2 (string)

]

vendor : Red Hat (string)

product : Red Hat AMQ Streams 2.7.0 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

}

14 : { »

cpes : [ »

0 : cpe:/a:redhat:apache_camel_spring_boot:4.4.1 (string)

]

vendor : Red Hat (string)

product : Red Hat build of Apache Camel 4.4.1 for Spring Boot (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

}

15 : { »

cpes : [ »

0 : cpe:/a:redhat:quarkus:3.2::el8 (string)

]

vendor : Red Hat (string)

product : Red Hat build of Quarkus 3.2.11.Final (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 4.4.8.redhat-00001 (string)

lessThan : * (string)

versionType : rpm (string)

}

]

packageName : io.vertx/vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

16 : { »

cpes : [ »

0 : cpe:/a:redhat:service_registry:2.5 (string)

]

vendor : Red Hat (string)

product : RHINT Service Registry 2.5.11 GA (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

}

17 : { »

cpes : [ »

0 : cpe:/a:redhat:a_mq_clients:2 (string)

]

vendor : Red Hat (string)

product : A-MQ Clients 2 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

}

18 : { »

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

vendor : Red Hat (string)

product : OpenShift Serverless (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

}

19 : { »

cpes : [ »

0 : cpe:/a:redhat:amq_broker:7 (string)

]

vendor : Red Hat (string)

product : Red Hat AMQ Broker 7 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

}

20 : { »

cpes : [ »

0 : cpe:/a:redhat:camel_spring_boot:3 (string)

]

vendor : Red Hat (string)

product : Red Hat build of Apache Camel for Spring Boot 3 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

21 : { »

cpes : [ »

0 : cpe:/a:redhat:build_keycloak: (string)

]

vendor : Red Hat (string)

product : Red Hat Build of Keycloak (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

22 : { »

cpes : [ »

0 : cpe:/a:redhat:optaplanner:::el6 (string)

]

vendor : Red Hat (string)

product : Red Hat build of OptaPlanner 8 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

23 : { »

cpes : [ »

0 : cpe:/a:redhat:quarkus:2 (string)

]

vendor : Red Hat (string)

product : Red Hat build of Quarkus (string)

packageName : io.vertx/vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

24 : { »

cpes : [ »

0 : cpe:/a:redhat:jboss_data_grid:8 (string)

]

vendor : Red Hat (string)

product : Red Hat Data Grid 8 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

}

25 : { »

cpes : [ »

0 : cpe:/a:redhat:jboss_fuse:7 (string)

]

vendor : Red Hat (string)

product : Red Hat Fuse 7 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : unaffected (string)

}

26 : { »

cpes : [ »

0 : cpe:/a:redhat:integration:1 (string)

]

vendor : Red Hat (string)

product : Red Hat Integration Camel K (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

27 : { »

cpes : [ »

0 : cpe:/a:redhat:camel_quarkus:2 (string)

]

vendor : Red Hat (string)

product : Red Hat Integration Camel Quarkus (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

28 : { »

cpes : [ »

0 : cpe:/a:redhat:jboss_data_grid:7 (string)

]

vendor : Red Hat (string)

product : Red Hat JBoss Data Grid 7 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/jbossnetwork/restricted/listSoftware.html (string)

defaultStatus : affected (string)

}

29 : { »

cpes : [ »

0 : cpe:/a:redhat:jboss_enterprise_application_platform:7 (string)

]

vendor : Red Hat (string)

product : Red Hat JBoss Enterprise Application Platform 7 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/jbossnetwork/restricted/listSoftware.html (string)

defaultStatus : unaffected (string)

}

30 : { »

cpes : [ »

0 : cpe:/a:redhat:jboss_enterprise_application_platform:8 (string)

]

vendor : Red Hat (string)

product : Red Hat JBoss Enterprise Application Platform 8 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/jbossnetwork/restricted/listSoftware.html (string)

defaultStatus : unaffected (string)

}

31 : { »

cpes : [ »

0 : cpe:/a:redhat:jbosseapxp (string)

]

vendor : Red Hat (string)

product : Red Hat JBoss Enterprise Application Platform Expansion Pack (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/jbossnetwork/restricted/listSoftware.html (string)

defaultStatus : unaffected (string)

}

32 : { »

cpes : [ »

0 : cpe:/a:redhat:jboss_enterprise_bpms_platform:7 (string)

]

vendor : Red Hat (string)

product : Red Hat Process Automation 7 (string)

packageName : vertx-core (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

]

timeline : [ »

0 : { »

lang : en (string)

time : 2024-02-07T00:00:00+00:00 (string)

value : Reported to Red Hat. (string)

}

1 : { »

lang : en (string)

time : 2024-02-06T00:00:00+00:00 (string)

value : Made public. (string)

}

]

datePublic : 2024-02-06T00:00:00+00:00 (string)

references : [ »

0 : { »

url : https://access.redhat.com/errata/RHSA-2024:1662 (string)

name : RHSA-2024:1662 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

1 : { »

url : https://access.redhat.com/errata/RHSA-2024:1706 (string)

name : RHSA-2024:1706 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

2 : { »

url : https://access.redhat.com/errata/RHSA-2024:1923 (string)

name : RHSA-2024:1923 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

3 : { »

url : https://access.redhat.com/errata/RHSA-2024:2088 (string)

name : RHSA-2024:2088 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

4 : { »

url : https://access.redhat.com/errata/RHSA-2024:2833 (string)

name : RHSA-2024:2833 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

5 : { »

url : https://access.redhat.com/errata/RHSA-2024:3527 (string)

name : RHSA-2024:3527 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

6 : { »

url : https://access.redhat.com/errata/RHSA-2024:3989 (string)

name : RHSA-2024:3989 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

7 : { »

url : https://access.redhat.com/errata/RHSA-2024:4884 (string)

name : RHSA-2024:4884 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

}

8 : { »

url : https://access.redhat.com/security/cve/CVE-2024-1300 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_REDHAT (string)

]

}

9 : { »

url : https://bugzilla.redhat.com/show_bug.cgi?id=2263139 (string)

name : RHBZ#2263139 (string)

tags : [ »

0 : issue-tracking (string)

1 : x_refsource_REDHAT (string)

]

}

10 : { »

url : https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni. (string)

}

]

workarounds : [ »

0 : { »

lang : en (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-401 (string)

description : Missing Release of Memory after Effective Lifetime (string)

}

]

}

]

providerMetadata : { »

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

dateUpdated : 2024-11-25T02:45:39.468Z (string)

}

x_redhatCweChain : CWE-1392->CWE-401: Use of Default Credentials leads to Missing Release of Memory after Effective Lifetime (string)

}

cveMetadata : { »

cveId : CVE-2024-1300 (string)

state : PUBLISHED (string)

dateUpdated : 2024-11-25T02:45:39.468Z (string)

dateReserved : 2024-02-07T07:11:11.156Z (string)

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

datePublished : 2024-04-02T07:33:05.215Z (string)

assignerShortName : redhat (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"descriptions": [{"lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error."}, {"lang": "es", "value": "Una vulnerabilidad en Eclipse Vert.x toolkit provoca una p\u00e9rdida de memoria en servidores TCP configurados con soporte TLS y SNI. Al procesar un nombre de servidor SNI desconocido al que se le asigna el certificado predeterminado en lugar de un certificado asignado, el contexto SSL se almacena en cach\u00e9 por error en el mapa de nombres del servidor, lo que provoca que se agote la memoria. Esta falla permite a los atacantes enviar mensajes de saludo al cliente TLS con nombres de servidor falsos, lo que provoca un error de falta de memoria de JVM."}], "id": "CVE-2024-1300", "lastModified": "2024-11-25T03:15:10.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-04-02T08:15:53.993", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1662"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1706"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1923"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2088"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2833"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3527"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3989"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4884"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-1300"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"}, {"source": "secalert@redhat.com", "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1706"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1923"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2833"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3527"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3989"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:4884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2024-1300"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{

descriptions : [ »

0 : { »

lang : en (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad en Eclipse Vert.x toolkit provoca una pérdida de memoria en servidores TCP configurados con soporte TLS y SNI. Al procesar un nombre de servidor SNI desconocido al que se le asigna el certificado predeterminado en lugar de un certificado asignado, el contexto SSL se almacena en caché por error en el mapa de nombres del servidor, lo que provoca que se agote la memoria. Esta falla permite a los atacantes enviar mensajes de saludo al cliente TLS con nombres de servidor falsos, lo que provoca un error de falta de memoria de JVM. (string)

}

]

id : CVE-2024-1300 (string)

lastModified : 2024-11-25T03:15:10.053 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 2.5 (number)

source : secalert@redhat.com (string)

type : Secondary (string)

}

]

}

published : 2024-04-02T08:15:53.993 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/errata/RHSA-2024:1662 (string)

}

1 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/errata/RHSA-2024:1706 (string)

}

2 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/errata/RHSA-2024:1923 (string)

}

3 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/errata/RHSA-2024:2088 (string)

}

4 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/errata/RHSA-2024:2833 (string)

}

5 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/errata/RHSA-2024:3527 (string)

}

6 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/errata/RHSA-2024:3989 (string)

}

7 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/errata/RHSA-2024:4884 (string)

}

8 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/security/cve/CVE-2024-1300 (string)

}

9 : { »

source : secalert@redhat.com (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2263139 (string)

}

10 : { »

source : secalert@redhat.com (string)

url : https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni. (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2024:1662 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2024:1706 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2024:1923 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2024:2088 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2024:2833 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2024:3527 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2024:3989 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2024:4884 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/security/cve/CVE-2024-1300 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2263139 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni. (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-401 (string)

}

]

source : secalert@redhat.com (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2024:1706", "cpe": "cpe:/a:redhat:camel_quarkus:3", "package": "vertx-core", "product_name": "CEQ 3.2", "release_date": "2024-04-09T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:2.4.0-7", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-operator-bundle:2.4.0-4", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-reports-rhel8:2.4.0-4", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-rhel8:2.4.0-4", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/cryostat-rhel8-operator:2.4.0-9", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:2088", "cpe": "cpe:/a:redhat:cryostat:2::el8", "package": "cryostat-tech-preview/jfr-datasource-rhel8:2.4.0-4", "product_name": "Cryostat 2 on RHEL 8", "release_date": "2024-04-29T00:00:00Z"}, {"advisory": "RHSA-2024:1923", "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package": "mtr/mtr-operator-bundle:1.2-18", "product_name": "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1923", "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package": "mtr/mtr-rhel8-operator:1.2-11", "product_name": "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1923", "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package": "mtr/mtr-web-container-rhel8:1.2-12", "product_name": "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:1923", "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package": "mtr/mtr-web-executor-container-rhel8:1.2-10", "product_name": "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date": "2024-04-18T00:00:00Z"}, {"advisory": "RHSA-2024:3989", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package": "mta/mta-windup-addon-rhel9:6.2.3-2", "product_name": "MTA-6.2-RHEL-9", "release_date": "2024-06-20T00:00:00Z"}, {"advisory": "RHSA-2024:3527", "cpe": "cpe:/a:redhat:amq_streams:2", "package": "vertx-core", "product_name": "Red Hat AMQ Streams 2.7.0", "release_date": "2024-05-30T00:00:00Z"}, {"advisory": "RHSA-2024:4884", "cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.4.1", "package": "vertx-core", "product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "release_date": "2024-07-25T00:00:00Z"}, {"advisory": "RHSA-2024:1662", "cpe": "cpe:/a:redhat:quarkus:3.2::el8", "package": "io.vertx/vertx-core:4.4.8.redhat-00001", "product_name": "Red Hat build of Quarkus 3.2.11.Final", "release_date": "2024-04-03T00:00:00Z"}, {"advisory": "RHSA-2024:2833", "cpe": "cpe:/a:redhat:service_registry:2.5", "package": "vertx-core", "product_name": "RHINT Service Registry 2.5.11 GA", "release_date": "2024-05-14T00:00:00Z"}], "bugzilla": {"description": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support", "id": "2263139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-1392->CWE-401", "details": ["A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.", "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-1300", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Affected", "package_name": "vertx-core", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Will not fix", "package_name": "io.vertx/vertx-core", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "vertx-core", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "vertx-core", "product_name": "Red Hat Process Automation 7"}], "public_date": "2024-02-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-1300\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1300\nhttps://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."], "statement": "This affects only TLS servers with SNI enabled.", "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2024:1706 (string)

cpe : cpe:/a:redhat:camel_quarkus:3 (string)

package : vertx-core (string)

product_name : CEQ 3.2 (string)

release_date : 2024-04-09T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2024:2088 (string)

cpe : cpe:/a:redhat:cryostat:2::el8 (string)

package : cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:2.4.0-7 (string)

product_name : Cryostat 2 on RHEL 8 (string)

release_date : 2024-04-29T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2024:2088 (string)

cpe : cpe:/a:redhat:cryostat:2::el8 (string)

package : cryostat-tech-preview/cryostat-operator-bundle:2.4.0-4 (string)

product_name : Cryostat 2 on RHEL 8 (string)

release_date : 2024-04-29T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2024:2088 (string)

cpe : cpe:/a:redhat:cryostat:2::el8 (string)

package : cryostat-tech-preview/cryostat-reports-rhel8:2.4.0-4 (string)

product_name : Cryostat 2 on RHEL 8 (string)

release_date : 2024-04-29T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2024:2088 (string)

cpe : cpe:/a:redhat:cryostat:2::el8 (string)

package : cryostat-tech-preview/cryostat-rhel8:2.4.0-4 (string)

product_name : Cryostat 2 on RHEL 8 (string)

release_date : 2024-04-29T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2024:2088 (string)

cpe : cpe:/a:redhat:cryostat:2::el8 (string)

package : cryostat-tech-preview/cryostat-rhel8-operator:2.4.0-9 (string)

product_name : Cryostat 2 on RHEL 8 (string)

release_date : 2024-04-29T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2024:2088 (string)

cpe : cpe:/a:redhat:cryostat:2::el8 (string)

package : cryostat-tech-preview/jfr-datasource-rhel8:2.4.0-4 (string)

product_name : Cryostat 2 on RHEL 8 (string)

release_date : 2024-04-29T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2024:1923 (string)

cpe : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

package : mtr/mtr-operator-bundle:1.2-18 (string)

product_name : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

release_date : 2024-04-18T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2024:1923 (string)

cpe : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

package : mtr/mtr-rhel8-operator:1.2-11 (string)

product_name : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

release_date : 2024-04-18T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2024:1923 (string)

cpe : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

package : mtr/mtr-web-container-rhel8:1.2-12 (string)

product_name : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

release_date : 2024-04-18T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2024:1923 (string)

cpe : cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 (string)

package : mtr/mtr-web-executor-container-rhel8:1.2-10 (string)

product_name : Migration Toolkit for Runtimes 1 on RHEL 8 (string)

release_date : 2024-04-18T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2024:3989 (string)

cpe : cpe:/a:redhat:migration_toolkit_applications:6.2::el9 (string)

package : mta/mta-windup-addon-rhel9:6.2.3-2 (string)

product_name : MTA-6.2-RHEL-9 (string)

release_date : 2024-06-20T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2024:3527 (string)

cpe : cpe:/a:redhat:amq_streams:2 (string)

package : vertx-core (string)

product_name : Red Hat AMQ Streams 2.7.0 (string)

release_date : 2024-05-30T00:00:00Z (string)

}

13 : { »

advisory : RHSA-2024:4884 (string)

cpe : cpe:/a:redhat:apache_camel_spring_boot:4.4.1 (string)

package : vertx-core (string)

product_name : Red Hat build of Apache Camel 4.4.1 for Spring Boot (string)

release_date : 2024-07-25T00:00:00Z (string)

}

14 : { »

advisory : RHSA-2024:1662 (string)

cpe : cpe:/a:redhat:quarkus:3.2::el8 (string)

package : io.vertx/vertx-core:4.4.8.redhat-00001 (string)

product_name : Red Hat build of Quarkus 3.2.11.Final (string)

release_date : 2024-04-03T00:00:00Z (string)

}

15 : { »

advisory : RHSA-2024:2833 (string)

cpe : cpe:/a:redhat:service_registry:2.5 (string)

package : vertx-core (string)

product_name : RHINT Service Registry 2.5.11 GA (string)

release_date : 2024-05-14T00:00:00Z (string)

}

]

bugzilla : { »

description : io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (string)

id : 2263139 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2263139 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (string)

status : verified (string)

}

cwe : CWE-1392->CWE-401 (string)

details : [ »

0 : A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error. (string)

1 : A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error. (string)

]

mitigation : { »

lang : en:us (string)

}

name : CVE-2024-1300 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:a_mq_clients:2 (string)

fix_state : Not affected (string)

package_name : vertx-core (string)

product_name : A-MQ Clients 2 (string)

}

1 : { »

cpe : cpe:/a:redhat:serverless:1 (string)

fix_state : Not affected (string)

package_name : vertx-core (string)

product_name : OpenShift Serverless (string)

}

2 : { »

cpe : cpe:/a:redhat:amq_broker:7 (string)

fix_state : Not affected (string)

package_name : vertx-core (string)

product_name : Red Hat AMQ Broker 7 (string)

}

3 : { »

cpe : cpe:/a:redhat:camel_spring_boot:3 (string)

fix_state : Will not fix (string)

package_name : vertx-core (string)

product_name : Red Hat build of Apache Camel for Spring Boot 3 (string)

}

4 : { »

cpe : cpe:/a:redhat:build_keycloak: (string)

fix_state : Affected (string)

package_name : vertx-core (string)

product_name : Red Hat Build of Keycloak (string)

}

5 : { »

cpe : cpe:/a:redhat:optaplanner:::el6 (string)

fix_state : Will not fix (string)

package_name : vertx-core (string)

product_name : Red Hat build of OptaPlanner 8 (string)

}

6 : { »

cpe : cpe:/a:redhat:quarkus:2 (string)

fix_state : Will not fix (string)

package_name : io.vertx/vertx-core (string)

product_name : Red Hat build of Quarkus (string)

}

7 : { »

cpe : cpe:/a:redhat:jboss_data_grid:8 (string)

fix_state : Not affected (string)

package_name : vertx-core (string)

product_name : Red Hat Data Grid 8 (string)

}

8 : { »

cpe : cpe:/a:redhat:jboss_fuse:7 (string)

fix_state : Not affected (string)

package_name : vertx-core (string)

product_name : Red Hat Fuse 7 (string)

}

9 : { »

cpe : cpe:/a:redhat:integration:1 (string)

fix_state : Will not fix (string)

package_name : vertx-core (string)

product_name : Red Hat Integration Camel K (string)

}

10 : { »

cpe : cpe:/a:redhat:camel_quarkus:2 (string)

fix_state : Will not fix (string)

package_name : vertx-core (string)

product_name : Red Hat Integration Camel Quarkus (string)

}

11 : { »

cpe : cpe:/a:redhat:jboss_data_grid:7 (string)

fix_state : Will not fix (string)

package_name : vertx-core (string)

product_name : Red Hat JBoss Data Grid 7 (string)

}

12 : { »

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:7 (string)

fix_state : Not affected (string)

package_name : vertx-core (string)

product_name : Red Hat JBoss Enterprise Application Platform 7 (string)

}

13 : { »

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:8 (string)

fix_state : Not affected (string)

package_name : vertx-core (string)

product_name : Red Hat JBoss Enterprise Application Platform 8 (string)

}

14 : { »

cpe : cpe:/a:redhat:jbosseapxp (string)

fix_state : Not affected (string)

package_name : vertx-core (string)

product_name : Red Hat JBoss Enterprise Application Platform Expansion Pack (string)

}

15 : { »

cpe : cpe:/a:redhat:jboss_enterprise_bpms_platform:7 (string)

fix_state : Will not fix (string)

package_name : vertx-core (string)

product_name : Red Hat Process Automation 7 (string)

}

]

public_date : 2024-02-06T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-1300 https://nvd.nist.gov/vuln/detail/CVE-2024-1300 https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni. (string)

]

statement : This affects only TLS servers with SNI enabled. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object