A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.
cryostat-tech Rocky
Fixed in: preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64 RHSA-2024:2088 Fixed in: preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64 RHSA-2024:2088 cryostat-tech Red Hat / RHEL
Fixed in: preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64 RHSA-2024:2088 Fixed in: preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64 RHSA-2024:2088 cryostat-tech-preview/cryostat Rocky
Fixed in: rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64 RHSA-2024:2088 Fixed in: operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64 RHSA-2024:2088 Fixed in: reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64 RHSA-2024:2088 Fixed in: operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64 RHSA-2024:2088 Fixed in: reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64 RHSA-2024:2088 Fixed in: rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64 RHSA-2024:2088 cryostat-tech-preview/cryostat Red Hat / RHEL
Fixed in: rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64 RHSA-2024:2088 Fixed in: reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64 RHSA-2024:2088 Fixed in: operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64 RHSA-2024:2088 Fixed in: reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64 RHSA-2024:2088 Fixed in: operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64 RHSA-2024:2088 Fixed in: rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64 RHSA-2024:2088 cryostat-tech-preview/cryostat-grafana Red Hat / RHEL
Fixed in: dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64 RHSA-2024:2088 Fixed in: dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64 RHSA-2024:2088 cryostat-tech-preview/cryostat-grafana Rocky
Fixed in: dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64 RHSA-2024:2088 Fixed in: dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64 RHSA-2024:2088 cryostat-tech-preview/jfr Rocky
Fixed in: datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64 RHSA-2024:2088 Fixed in: datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64 RHSA-2024:2088 cryostat-tech-preview/jfr Red Hat / RHEL
Fixed in: datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64 RHSA-2024:2088 Fixed in: datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64 RHSA-2024:2088 mta/mta Rocky
Fixed in: ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 RHSA-2024:3989 Fixed in: pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 RHSA-2024:3989 Fixed in: rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 RHSA-2024:3989 Fixed in: operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 RHSA-2024:3989 Fixed in: hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 RHSA-2024:3989 mta/mta Red Hat / RHEL
Fixed in: hub-rhel9@sha256:325bec37f1ab499f8ae0abb38ca3929f66a0fe63b6ebdf60a1cdc3bbd79ad25e_amd64 RHSA-2024:3989 Fixed in: rhel8-operator@sha256:f588b869c3f273eb20c4c80a9aa5acd4a84c56c1dd85429a39a7d2d60f28d41e_amd64 RHSA-2024:3989 Fixed in: operator-bundle@sha256:a13643117c2867351718a872f7f1b2350c67855ca73a727a1dc140754ffe6589_amd64 RHSA-2024:3989 Fixed in: ui-rhel9@sha256:0e0167affe099168142b9ebdce5520e972dea63ff6c7f3cda48e0bb4ae4cd0ec_amd64 RHSA-2024:3989 Fixed in: pathfinder-rhel9@sha256:851d4890717247af6aa9b0b6da9be95fe8aeb70183834e9de15a4302c487b9f0_amd64 RHSA-2024:3989 mta/mta-windup Red Hat / RHEL
Fixed in: addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 RHSA-2024:3989 mta/mta-windup Rocky
Fixed in: addon-rhel9@sha256:7884928eb3d01d4f9c8b5463ef9f6cec7d7df4d669e6d30cafe05af60202b003_amd64 RHSA-2024:3989 Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Impact
Confidentiality None
Integrity None
Availability High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.64% probability of exploitation in 30 days
73rd percentile
Elevated risk: more likely to be exploited than 73% of all known CVEs.
Other CWE-401 (Missing Release of Memory (Memory Leak)) vulnerabilities, ordered by exploit likelihood. View all
Embed a live status badge for CVE-2024-1023 Markdown
[](https://tridentstack.com/cve/CVE-2024-1023)HTML
<a href="https://tridentstack.com/cve/CVE-2024-1023"><img src="https://tridentstack.com/cve/badge/CVE-2024-1023.svg" alt="CVE-2024-1023"></a>Find and fix vulnerabilities across your fleet TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start free This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-25.