CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-1300

Medium Severity
SVRS
30/100
CVSSv3
5.4/10
EPSS
0.00072/1

CVE-2024-1300: Memory leak in Eclipse Vert.x TCP servers with TLS and SNI. This vulnerability can lead to memory exhaustion and denial of service.

CVE-2024-1300 exposes a flaw in Eclipse Vert.x where TCP servers using TLS and Server Name Indication (SNI) incorrectly cache SSL contexts. This caching error, triggered by processing unknown SNI server names, results in a memory leak. An attacker can exploit this by sending TLS client hello messages with fabricated server names, eventually causing a JVM out-of-memory error and disrupting service. Although the CVSS score is 5.4, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a lower immediate risk compared to critical vulnerabilities. However, organizations using vulnerable versions of Eclipse Vert.x should implement recommended patches promptly to mitigate potential denial-of-service attacks and maintain system stability. This vulnerability is significant because it allows relatively simple attacks to exhaust server resources.

TAGS
X_refsource_REDHAT
Issue-tracking
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:L
UI:N
S:U
C:L
I:N
A:L
PUBLICATION DATE2025-03-03
LAST MODIFIED2024-04-02

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

No news found for this CVE

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://access.redhat.com/security/cve/CVE-2024-1300
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=2263139
[email protected]https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
[email protected]https://access.redhat.com/errata/RHSA-2024:1662
[email protected]https://access.redhat.com/security/cve/CVE-2024-1300
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=2263139
[email protected]https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
[email protected]https://access.redhat.com/errata/RHSA-2024:1662
[email protected]https://access.redhat.com/errata/RHSA-2024:1706
[email protected]https://access.redhat.com/security/cve/CVE-2024-1300
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=2263139
[email protected]https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
[email protected]https://access.redhat.com/errata/RHSA-2024:1662
[email protected]https://access.redhat.com/errata/RHSA-2024:1706
[email protected]https://access.redhat.com/errata/RHSA-2024:1923
[email protected]https://access.redhat.com/security/cve/CVE-2024-1300
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=2263139
[email protected]https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
[email protected]https://access.redhat.com/errata/RHSA-2024:1662
[email protected]https://access.redhat.com/errata/RHSA-2024:1706
[email protected]https://access.redhat.com/errata/RHSA-2024:1923
[email protected]https://access.redhat.com/errata/RHSA-2024:2088
[email protected]https://access.redhat.com/security/cve/CVE-2024-1300
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=2263139
[email protected]https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
[email protected]https://access.redhat.com/errata/RHSA-2024:1662
[email protected]https://access.redhat.com/errata/RHSA-2024:1706
[email protected]https://access.redhat.com/errata/RHSA-2024:1923
[email protected]https://access.redhat.com/errata/RHSA-2024:2088
[email protected]https://access.redhat.com/errata/RHSA-2024:2833
[email protected]https://access.redhat.com/security/cve/CVE-2024-1300
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=2263139
[email protected]https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
[email protected]https://access.redhat.com/errata/RHSA-2024:1662
[email protected]https://access.redhat.com/errata/RHSA-2024:1706
[email protected]https://access.redhat.com/errata/RHSA-2024:1923
[email protected]https://access.redhat.com/errata/RHSA-2024:2088
[email protected]https://access.redhat.com/errata/RHSA-2024:2833
[email protected]https://access.redhat.com/errata/RHSA-2024:3527
[email protected]https://access.redhat.com/security/cve/CVE-2024-1300
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=2263139
[email protected]https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
[email protected]https://access.redhat.com/errata/RHSA-2024:1662
[email protected]https://access.redhat.com/errata/RHSA-2024:1706
[email protected]https://access.redhat.com/errata/RHSA-2024:1923
[email protected]https://access.redhat.com/errata/RHSA-2024:2088
[email protected]https://access.redhat.com/errata/RHSA-2024:2833
[email protected]https://access.redhat.com/errata/RHSA-2024:3527
[email protected]https://access.redhat.com/errata/RHSA-2024:3989
[email protected]https://access.redhat.com/security/cve/CVE-2024-1300
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=2263139
[email protected]https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
[email protected]https://access.redhat.com/errata/RHSA-2024:1662
[email protected]https://access.redhat.com/errata/RHSA-2024:1706
[email protected]https://access.redhat.com/errata/RHSA-2024:1923
[email protected]https://access.redhat.com/errata/RHSA-2024:2088
[email protected]https://access.redhat.com/errata/RHSA-2024:2833
[email protected]https://access.redhat.com/errata/RHSA-2024:3527
[email protected]https://access.redhat.com/errata/RHSA-2024:3989
[email protected]https://access.redhat.com/errata/RHSA-2024:4884
[email protected]https://access.redhat.com/security/cve/CVE-2024-1300
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=2263139
[email protected]https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.
RHBZ#2263139https://bugzilla.redhat.com/show_bug.cgi?id=2263139
RHSA-2024:1662https://access.redhat.com/errata/RHSA-2024:1662
RHSA-2024:1706https://access.redhat.com/errata/RHSA-2024:1706
RHSA-2024:1923https://access.redhat.com/errata/RHSA-2024:1923
RHSA-2024:2088https://access.redhat.com/errata/RHSA-2024:2088
RHSA-2024:2833https://access.redhat.com/errata/RHSA-2024:2833
RHSA-2024:3527https://access.redhat.com/errata/RHSA-2024:3527
RHSA-2024:3989https://access.redhat.com/errata/RHSA-2024:3989
RHSA-2024:4884https://access.redhat.com/errata/RHSA-2024:4884

CWE Details

CWE IDCWE NameDescription
CWE-401Missing Release of Memory after Effective LifetimeThe software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
CWE-400Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence