There is a regression in the Vert.x 4.4 branch that leads to a memory leak due to the use of Netty FastThreadLocal data structures. As a consequence, when the Vert.x HTTP client connects to a different host, the leak progresses further. There might be other cases leading to the same effect, but exhibiting one seems enough to demonstrate the feasibility. Thus, this can be exploited with intimate knowledge of the runtime to accelerate the memory leak, e.g. a server that accepts arbitrary internet addresses and connects to them could be fed with addresses as an attack vector. This affects the Maven artifact io.vertx:vertx-core versions 4.4.5, 4.4.6, 4.5.0, 4.5.1.
https://github.com/eclipse-vertx/vert.x/issues/5078
https://github.com/eclipse-vertx/vert.x/pull/5082
https://github.com/eclipse-vertx/vert.x/pull/5080
This issue has been addressed in the following products:
  Red Hat build of Quarkus 3.2.11
Via RHSA-2024:1662 https://access.redhat.com/errata/RHSA-2024:1662
This issue has been addressed in the following products:
  Cryostat 2 on RHEL 8
Via RHSA-2024:2088 https://access.redhat.com/errata/RHSA-2024:2088