Bug 2298829 (CVE-2024-41172) - CVE-2024-41172 apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients
Summary: CVE-2024-41172 apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestrict...
Keywords:
Status: NEW
Alias: CVE-2024-41172
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-19 09:20 UTC by OSIDB Bzimport
Modified: 2025-04-17 05:51 UTC (History)
74 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:6508 0 None None None 2024-09-09 17:17:38 UTC
Red Hat Product Errata RHSA-2024:7052 0 None None None 2024-09-24 12:53:08 UTC
Red Hat Product Errata RHSA-2024:8823 0 None None None 2024-11-04 20:12:36 UTC
Red Hat Product Errata RHSA-2024:8824 0 None None None 2024-11-04 20:11:35 UTC
Red Hat Product Errata RHSA-2024:8826 0 None None None 2024-11-04 20:56:48 UTC

Description OSIDB Bzimport 2024-07-19 09:20:38 UTC 
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run  out of memory
Comment 1 errata-xmlrpc 2024-09-09 17:17:34 UTC 
This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.4.2 for Spring Boot

Via RHSA-2024:6508 https://access.redhat.com/errata/RHSA-2024:6508
Comment 2 errata-xmlrpc 2024-09-24 12:53:04 UTC 
This issue has been addressed in the following products:

  Red Hat build of Apache Camel for Quarkus 2.13

Via RHSA-2024:7052 https://access.redhat.com/errata/RHSA-2024:7052
Comment 3 errata-xmlrpc 2024-11-04 20:11:32 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2024:8824 https://access.redhat.com/errata/RHSA-2024:8824
Comment 4 errata-xmlrpc 2024-11-04 20:12:31 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Via RHSA-2024:8823 https://access.redhat.com/errata/RHSA-2024:8823
Comment 5 errata-xmlrpc 2024-11-04 20:56:44 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:8826 https://access.redhat.com/errata/RHSA-2024:8826
Note You need to log in before you can comment on or make changes to this bug.