CVE-2024-8391 – Eclipse Vert.x gRPC server does not limit the maximum message size

https://notcve.org/view.php?id=CVE-2024-8391

04 Sep 2024 — In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc) A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a serv... • https://github.com/eclipse-vertx/vertx-grpc/issues/113 • CWE-770: Allocation of Resources Without Limits or Throttling •