CVE-2024-8391
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).
This is fixed in the 4.5.10 version.
Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Eclipse Foundation | Eclipse Vert.x | 4.3.0 < 4.5.10 | affected |
Weaknesses
- CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/31
- https://github.com/eclipse-vertx/vertx-grpc/issues/113
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.