In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
References
Link | Resource |
---|---|
https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 | Mailing List Vendor Advisory |
Configurations
History
07 Aug 2024, 20:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Apache
Apache cxf |
|
References | () https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 - Mailing List, Vendor Advisory |
01 Aug 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
Summary |
|
19 Jul 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-19 09:15
Updated : 2024-08-07 20:16
NVD link : CVE-2024-41172
Mitre link : CVE-2024-41172
CVE.ORG link : CVE-2024-41172
JSON object : View
Products Affected
apache
- cxf
CWE
CWE-401
Missing Release of Memory after Effective Lifetime