CVE-2024-1023

6.5 MEDIUM
Published: March 27, 2024 Modified: April 15, 2026
View on NVD

Description

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1662
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:1706
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:2088
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:2833
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3527
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3989
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:4884
Source: secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2024-1023
Source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2260840
Source: secalert@redhat.com
https://github.com/eclipse-vertx/vert.x/issues/5078
Source: secalert@redhat.com
https://github.com/eclipse-vertx/vert.x/pull/5080
Source: secalert@redhat.com
https://github.com/eclipse-vertx/vert.x/pull/5082
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:1662
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2024:1706
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2024:2088
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2024:2833
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2024:3527
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2024:3989
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2024:4884
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/security/cve/CVE-2024-1023
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=2260840
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/eclipse-vertx/vert.x/issues/5078
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/eclipse-vertx/vert.x/pull/5080
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/eclipse-vertx/vert.x/pull/5082
Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.5 / 10.0
EPSS (Exploit Probability)
0.2%
45th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-401

Related CVEs

CVE-2026-5231 7.2
CVE-2026-5162 6.4
CVE-2026-4817 6.5
CVE-2026-3488 6.5
CVE-2026-40922 N/A