Bug 2263139 (CVE-2024-1300) - CVE-2024-1300 io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support
Summary: CVE-2024-1300 io.vertx:vertx-core: memory leak when a TCP server is configure...
Keywords:
Status: NEW
Alias: CVE-2024-1300
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2263142
Reported: 2024-02-07 07:18 UTC by TEJ RATHI
Modified: 2025-05-06 08:29 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:1662 0 None None None 2024-04-03 10:53:12 UTC
Red Hat Product Errata RHSA-2024:1923 0 None None None 2024-04-18 11:43:26 UTC
Red Hat Product Errata RHSA-2024:2088 0 None None None 2024-04-29 02:26:55 UTC
Red Hat Product Errata RHSA-2024:2833 0 None None None 2024-05-14 09:08:16 UTC
Red Hat Product Errata RHSA-2024:3527 0 None None None 2024-05-30 20:25:49 UTC
Red Hat Product Errata RHSA-2024:3989 0 None None None 2024-06-20 00:36:14 UTC
Red Hat Product Errata RHSA-2024:4884 0 None None None 2024-07-25 19:26:18 UTC
Red Hat Product Errata RHSA-2024:6536 0 None None None 2025-03-07 11:29:39 UTC

Description TEJ RATHI 2024-02-07 07:18:17 UTC
Since Vert.x 4.3.4, a TCP server configured with TLS and SNI support can leak memory: when such a server processes an unknown SNI server name, that is, a server name that would be assigned the default certificate instead of a server-name-mapped certificate, the SSL context is cached in the server name map. This map should only contain server names for which the configuration provides a valid certificate. As a consequence, this can be exploited by a client sending TLS client hello messages with the server name extension indicating spurious server names, eventually triggering a JVM out-of-memory error.

This affects only TLS servers with SNI enabled: https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.

It affects the maven artifact io.vertx:vertx-core versions
4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.5.0, 4.5.1, 4.5.2

https://github.com/eclipse-vertx/vert.x/pull/5101 [Master]
https://github.com/eclipse-vertx/vert.x/pull/5100 [4.x]
https://github.com/eclipse-vertx/vert.x/pull/5099 [4.3]
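The following is an added illustration of the caching defect described above, not code from Vert.x or from the linked pull requests. It models the per-server-name SSL context lookup with a placeholder `SslContextHolder` class (a stand-in for a real SSL context), a constructed set of configured server names, and constructed sample traffic. The leaky resolver stores whatever name a client hello carries; the bounded resolver hands out the default context for unknown names without storing them, so the map can never hold more entries than the configuration has certificates.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: models the SNI server-name map described in the bug report. */
public final class SniContextCacheDemo {

    /** Hypothetical placeholder for an SSL context built from one certificate. */
    static final class SslContextHolder {
        final String certificateName;
        SslContextHolder(String certificateName) { this.certificateName = certificateName; }
    }

    /** Constructed sample: names for which the configuration provides a certificate. */
    static final Set<String> CONFIGURED_NAMES = Set.of("api.example.test", "www.example.test");

    /** The certificate used when no configured name matches. */
    static final SslContextHolder DEFAULT_CONTEXT = new SslContextHolder("default-cert");

    /** Leaky variant: every name seen in a client hello is stored, known or not. */
    static final class LeakyResolver {
        final Map<String, SslContextHolder> byServerName = new ConcurrentHashMap<>();

        SslContextHolder resolve(String serverName) {
            // The default context is cached under the unknown name, so the map grows
            // by one entry per distinct name a client chooses to send.
            return byServerName.computeIfAbsent(serverName, name ->
                CONFIGURED_NAMES.contains(name) ? new SslContextHolder(name + "-cert") : DEFAULT_CONTEXT);
        }
    }

    /** Fixed variant: unknown names receive the default context but are never stored. */
    static final class BoundedResolver {
        final Map<String, SslContextHolder> byServerName = new ConcurrentHashMap<>();

        SslContextHolder resolve(String serverName) {
            if (serverName == null || !CONFIGURED_NAMES.contains(serverName)) {
                return DEFAULT_CONTEXT;   // not cached: the map only holds configured names
            }
            return byServerName.computeIfAbsent(serverName, name -> new SslContextHolder(name + "-cert"));
        }
    }

    public static void main(String[] args) {
        LeakyResolver leaky = new LeakyResolver();
        BoundedResolver bounded = new BoundedResolver();

        // Constructed traffic: mostly distinct unknown names with an occasional configured one.
        for (int i = 0; i < 10_000; i++) {
            String name = (i % 1_000 == 0) ? "api.example.test" : "host-" + i + ".invalid";
            leaky.resolve(name);
            bounded.resolve(name);
        }

        // Expected: the leaky map has ~10,000 entries; the bounded map has at most
        // CONFIGURED_NAMES.size() entries regardless of how many names were seen.
        System.out.println("leaky map entries:   " + leaky.byServerName.size());
        System.out.println("bounded map entries: " + bounded.byServerName.size());
        if (bounded.byServerName.size() > CONFIGURED_NAMES.size()) {
            throw new IllegalStateException("bounded resolver cached an unconfigured name");
        }
    }
}
```

The invariant worth checking in any SNI-capable server is the one the bounded variant enforces: the size of the server-name map is bounded by the number of certificates in the configuration, not by the number of distinct names clients present. In a running deployment the same invariant shows up as a heap that stays flat under varied SNI traffic; a server-name map whose size tracks the number of distinct client hello names is the symptom this report describes.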

Comment 9 errata-xmlrpc 2024-04-03 10:53:09 UTC
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.2.11

Via RHSA-2024:1662 https://access.redhat.com/errata/RHSA-2024:1662

Comment 11 errata-xmlrpc 2024-04-18 11:43:21 UTC
This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2024:1923 https://access.redhat.com/errata/RHSA-2024:1923

Comment 12 errata-xmlrpc 2024-04-29 02:26:52 UTC
This issue has been addressed in the following products:

  Cryostat 2 on RHEL 8

Via RHSA-2024:2088 https://access.redhat.com/errata/RHSA-2024:2088

Comment 15 errata-xmlrpc 2024-05-14 09:08:12 UTC
This issue has been addressed in the following products:

  RHINT Service Registry 2.5.11 GA

Via RHSA-2024:2833 https://access.redhat.com/errata/RHSA-2024:2833

Comment 18 errata-xmlrpc 2024-05-30 20:25:43 UTC
This issue has been addressed in the following products:

  Red Hat AMQ Streams 2.7.0

Via RHSA-2024:3527 https://access.redhat.com/errata/RHSA-2024:3527

Comment 19 errata-xmlrpc 2024-06-20 00:36:08 UTC
This issue has been addressed in the following products:

  MTA-6.2-RHEL-9
  MTA-6.2-RHEL-8

Via RHSA-2024:3989 https://access.redhat.com/errata/RHSA-2024:3989

Comment 21 errata-xmlrpc 2024-07-25 19:26:13 UTC
This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.4.1 for Spring Boot

Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884

Comment 23 errata-xmlrpc 2025-03-07 11:29:33 UTC
This issue has been addressed in the following products:

  Red Hat AMQ Streams 2.5.2

Via RHSA-2024:6536 https://access.redhat.com/errata/RHSA-2024:6536

