CVE-2024-41172

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected, so memory consumption can continue to increase, eventually causing the application to run out of memory.
References
Link | Resource
https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 | Mailing List, Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*

History

07 Aug 2024, 20:16

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
CVSS | v2 : unknown, v3 : 5.3 | v2 : unknown, v3 : 7.5
First Time | | Apache; Apache cxf
References | () https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 - | () https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 - Mailing List, Vendor Advisory

01 Aug 2024, 13:58

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 5.3
Summary | | (es) In versions of Apache CXF before 3.6.4 and 4.0.5 (versions 3.5.x and lower are not affected), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected, and memory consumption may continue to increase, eventually causing the application to run out of memory.

19 Jul 2024, 09:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-07-19 09:15

Updated : 2024-08-07 20:16


NVD link : CVE-2024-41172

Mitre link : CVE-2024-41172

CVE.ORG link : CVE-2024-41172



Products Affected

apache

  • cxf
CWE
CWE-401

Missing Release of Memory after Effective Lifetime