Bug 2309758 (CVE-2024-8391) - CVE-2024-8391 io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size
Status: NEW
Alias: CVE-2024-8391
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
Reported: 2024-09-04 16:21 UTC by OSIDB Bzimport
Modified: 2025-05-06 08:29 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:7052 0 None None None 2024-09-24 12:53:06 UTC
Red Hat Product Errata RHSA-2024:8023 0 None None None 2024-10-14 01:00:24 UTC
Red Hat Product Errata RHSA-2025:0542 0 None None None 2025-01-21 17:55:59 UTC

Description OSIDB Bzimport 2024-09-04 16:21:09 UTC
In Eclipse Vert.x versions 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).

This is fixed in the 4.5.10 version.

Note this does not affect the Vert.x gRPC server based on the grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc).
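
A dependency check for the affected range given in the description, added here as an example (it is not part of the bug report or of Vert.x): it scans `mvn dependency:list`-style output for the two affected artifacts in versions 4.3.0 through 4.5.9. The sample input is constructed, and ignoring vendor qualifiers such as `.redhat-00001` when comparing versions is an assumption, so vendor rebuilds should be checked against their errata.

```python
import re

# Affected artifacts and version range, as stated in the bug description.
AFFECTED = {"io.vertx:vertx-grpc-server", "io.vertx:vertx-grpc-client"}
FIRST_AFFECTED = (4, 3, 0)
FIXED = (4, 5, 10)

# group:artifact:type[:classifier]:version:scope, as printed by `mvn dependency:list`.
COORD = re.compile(
    r"([\w.\-]+):([\w.\-]+):[\w.\-]+(?::[\w.\-]+)?:([\w.\-]+)"
    r":(compile|runtime|provided|test|system)\b"
)


def parse_version(text):
    """Return the numeric major.minor.patch prefix; qualifiers are ignored (assumption)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def find_affected(dependency_list):
    """Return sorted (group:artifact, version) pairs inside the CVE-2024-8391 range."""
    hits = set()
    for line in dependency_list.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        ga = f"{m.group(1)}:{m.group(2)}"
        version = parse_version(m.group(3))
        # Tuple comparison is numeric, so 4.5.10 correctly sorts after 4.5.9.
        if ga in AFFECTED and version and FIRST_AFFECTED <= version < FIXED:
            hits.add((ga, m.group(3)))
    return sorted(hits)


# Constructed sample output, not taken from a real project.
SAMPLE = """\
[INFO]    io.vertx:vertx-core:jar:4.5.9:compile
[INFO]    io.vertx:vertx-grpc-server:jar:4.5.9:compile
[INFO]    io.vertx:vertx-grpc-client:jar:4.5.10:compile
[INFO]    io.vertx:vertx-grpc:jar:4.5.9:compile
"""

if __name__ == "__main__":
    for ga, version in find_affected(SAMPLE):
        print(f"{ga} {version} is in the affected range; upgrade to 4.5.10 or later")
```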

Comment 1 errata-xmlrpc 2024-09-24 12:53:03 UTC
This issue has been addressed in the following products:

  Red Hat build of Apache Camel for Quarkus 2.13

Via RHSA-2024:7052 https://access.redhat.com/errata/RHSA-2024:7052

Comment 2 errata-xmlrpc 2024-10-14 01:00:21 UTC
This issue has been addressed in the following products:

  RHOSS-1.34-RHEL-8

Via RHSA-2024:8023 https://access.redhat.com/errata/RHSA-2024:8023

Comment 3 errata-xmlrpc 2025-01-21 17:55:55 UTC
This issue has been addressed in the following products:

  Red Hat JBoss EAP XP 5.0 Update 1.0

Via RHSA-2025:0542 https://access.redhat.com/errata/RHSA-2025:0542

