CVE-2024-41172
Apache CXF: Unrestricted memory consumption in CXF HTTP clients
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
En las versiones de Apache CXF anteriores a 3.6.4 y 4.0.5 (las versiones 3.5.x y inferiores no se ven afectadas), un conducto de cliente HTTP de CXF puede impedir que las instancias de HTTPClient se recopilen como basura y es posible que el consumo de memoria continúe aumentando eventualmente causando que la aplicación se quede sin memoria.
A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-07-17 CVE Reserved
- 2024-07-19 CVE Published
- 2024-08-21 EPSS Updated
- 2024-09-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 | 2024-07-19 | |
https://access.redhat.com/security/cve/CVE-2024-41172 | 2024-11-04 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2298829 | 2024-11-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache CXF Search vendor "Apache Software Foundation" for product "Apache CXF" | < 3.6.4 Search vendor "Apache Software Foundation" for product "Apache CXF" and version " < 3.6.4" | en |
Affected
| ||||||
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache CXF Search vendor "Apache Software Foundation" for product "Apache CXF" | < 4.0.5 Search vendor "Apache Software Foundation" for product "Apache CXF" and version " < 4.0.5" | en |
Affected
|