A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Redhat
  • Camel Quarkus
  • Quarkus

No data.

Package CPE Advisory Released Date
Red Hat Build of Apache Camel 4.8 for Quarkus 3.15
quarkus-resteasy cpe:/a:redhat:camel_quarkus:3.15 RHSA-2025:2067 2025-03-03T00:00:00Z
Red Hat build of Quarkus 3.15.3.SP1
quarkus-resteasy cpe:/a:redhat:quarkus:3.15::el8 RHSA-2025:1885 2025-02-27T00:00:00Z
Red Hat build of Quarkus 3.8.6.SP3
quarkus-resteasy cpe:/a:redhat:quarkus:3.8::el8 RHSA-2025:1884 2025-02-27T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2025:1884 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:1885 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2067 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-1634 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2347319 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-1634 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-1634 cve-icon
History

Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 03 Mar 2025 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:camel_quarkus:3 cpe:/a:redhat:camel_quarkus:3.15
References

Thu, 27 Feb 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:quarkus:3.8::el8
References

Thu, 27 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:quarkus:3 cpe:/a:redhat:quarkus:3.15::el8
References

Wed, 26 Feb 2025 17:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.
Title io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout
First Time appeared Redhat
Redhat camel Quarkus
Redhat quarkus
CPEs cpe:/a:redhat:camel_quarkus:3
cpe:/a:redhat:quarkus:3
Vendors & Products Redhat
Redhat camel Quarkus
Redhat quarkus
References

Tue, 25 Feb 2025 01:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout
Weaknesses CWE-401
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Important
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-03-18T09:19:30.590Z

Reserved: 2025-02-24T14:23:22.369Z

Link: CVE-2025-1634

cve-icon Vulnrichment

Updated: 2025-02-26T17:25:42.771Z

cve-icon NVD

Status : Received

Published: 2025-02-26T17:15:22.083

Modified: 2025-03-03T14:15:34.237

Link: CVE-2025-1634

cve-icon Redhat

Severity : Important

Publid Date: 2025-02-24T00:00:00Z

Links: CVE-2025-1634 - Bugzilla