Bug 2347319 (CVE-2025-1634) - CVE-2025-1634 io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout
Summary: CVE-2025-1634 io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Cl...
Keywords:
Status: NEW
Alias: CVE-2025-1634
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-02-24 14:33 UTC by OSIDB Bzimport
Modified: 2025-03-03 13:23 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHSA-2025:1884  0        None      None    None     2025-02-27 15:15:11 UTC
Red Hat Product Errata  RHSA-2025:1885  0        None      None    None     2025-02-27 13:16:24 UTC
Red Hat Product Errata  RHSA-2025:2067  0        None      None    None     2025-03-03 13:23:30 UTC

Description OSIDB Bzimport 2025-02-24 14:33:37 UTC
This vulnerability affects all currently maintained versions of the quarkus-resteasy extension. Applications exposing REST endpoints using this extension are susceptible to attacks where an adversary can intentionally cause client timeouts, leading to memory exhaustion and application failure. The issue has been addressed in a recent fix, and users are advised to update their dependencies accordingly.

Comment 4 errata-xmlrpc 2025-02-27 13:16:22 UTC
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.15.3.SP1

Via RHSA-2025:1885 https://access.redhat.com/errata/RHSA-2025:1885

Comment 5 errata-xmlrpc 2025-02-27 15:15:09 UTC
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.8.6.SP3

Via RHSA-2025:1884 https://access.redhat.com/errata/RHSA-2025:1884

Comment 6 errata-xmlrpc 2025-03-03 13:23:28 UTC
This issue has been addressed in the following products:

  Red Hat Build of Apache Camel 4.8 for Quarkus 3.15

Via RHSA-2025:2067 https://access.redhat.com/errata/RHSA-2025:2067
