CVE-2024-1635
Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.
Se encontró una vulnerabilidad en Undertow. Esta vulnerabilidad afecta a un servidor que admite el protocolo wildfly-http-client. Siempre que un usuario malintencionado abre y cierra una conexión con el puerto HTTP del servidor y luego cierra la conexión inmediatamente, el servidor finalizará con los límites de memoria y de archivos abiertos agotados en algún momento, dependiendo de la cantidad de memoria disponible. En la actualización HTTP a comunicación remota, WriteTimeoutStreamSinkConduit pierde conexiones si RemotingConnection se cierra mediante Remoting ServerConnectionOpenListener. Debido a que la conexión remota se origina en Undertow como parte de la actualización HTTP, existe una capa externa a la conexión remota. Esta conexión desconoce la capa más externa al cerrar la conexión durante el procedimiento de apertura de la conexión. Por lo tanto, Undertow WriteTimeoutStreamSinkConduit no recibe notificación de la conexión cerrada en este escenario. Debido a que WriteTimeoutStreamSinkConduit crea una tarea de tiempo de espera, todo el árbol de dependencia se filtra a través de esa tarea, que se agrega a XNIO WorkerThread. Entonces, el hilo de trabajo apunta al conducto Undertow, que contiene las conexiones y causa la fuga.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-02-19 CVE Published
- 2024-09-17 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20240322-0007 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1674 | 2024-04-17 | |
| https://access.redhat.com/errata/RHSA-2024:1675 | 2024-04-17 | |
| https://access.redhat.com/errata/RHSA-2024:1676 | 2024-04-17 | |
| https://access.redhat.com/errata/RHSA-2024:1677 | 2024-04-17 | |
| https://access.redhat.com/errata/RHSA-2024:1860 | 2024-04-17 | |
| https://access.redhat.com/errata/RHSA-2024:1861 | 2024-04-17 | |
| https://access.redhat.com/errata/RHSA-2024:1862 | 2024-04-17 | |
| https://access.redhat.com/errata/RHSA-2024:1864 | 2024-04-17 | |
| https://access.redhat.com/errata/RHSA-2024:1866 | 2024-04-17 | |
| https://access.redhat.com/security/cve/CVE-2024-1635 | 2024-04-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2264928 | 2024-04-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Amq Streams Search vendor "Redhat" for product "Amq Streams" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Build Keycloak Search vendor "Redhat" for product "Build Keycloak" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Build Of Optaplanner Search vendor "Redhat" for product "Build Of Optaplanner" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Build Of Quarkus Search vendor "Redhat" for product "Build Of Quarkus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Camel Quarkus Search vendor "Redhat" for product "Camel Quarkus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Camel Spring Boot Search vendor "Redhat" for product "Camel Spring Boot" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Data Grid Search vendor "Redhat" for product "Data Grid" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Integration Search vendor "Redhat" for product "Integration" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Integration Camel K Search vendor "Redhat" for product "Integration Camel K" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Integration Camel Quarkus Search vendor "Redhat" for product "Integration Camel Quarkus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Data Grid Search vendor "Redhat" for product "Jboss Data Grid" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Bpms Platform Search vendor "Redhat" for product "Jboss Enterprise Bpms Platform" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Fuse Search vendor "Redhat" for product "Jboss Fuse" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Fuse Service Works Search vendor "Redhat" for product "Jboss Fuse Service Works" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Keycloak Search vendor "Redhat" for product "Keycloak" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Optaplanner Search vendor "Redhat" for product "Optaplanner" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Process Automation Search vendor "Redhat" for product "Process Automation" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Quarkus Search vendor "Redhat" for product "Quarkus" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Red Hat Single Sign On Search vendor "Redhat" for product "Red Hat Single Sign On" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Rhosemc Search vendor "Redhat" for product "Rhosemc" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Serverless Search vendor "Redhat" for product "Serverless" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Service Registry Search vendor "Redhat" for product "Service Registry" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||