CVE-2024-41172
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache CXF | 3.6.0, 4.0.0 < 3.6.4, 4.0.5 | affected |
Weaknesses
- CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
- https://security.netapp.com/advisory/ntap-20240808-0008/
- http://www.openwall.com/lists/oss-security/2024/07/18/4
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.