Red Hat JBoss EAP: CVE-2024-8391: Allocation of Resources Without Limits or Throttling
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 4, 2024 | Sep 19, 2024 | Jul 2, 2025 |
Description
In Eclipse Vert.x versions 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of a message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).
This is fixed in version 4.5.10.
Note that this does not affect the Vert.x gRPC server based on the grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc). A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service.
Solution
Upgrade Red Hat JBoss EAP to the latest version.
References
- CWE-770
- CVE-2024-8391
- https://attackerkb.com/topics/CVE-2024-8391
- https://access.redhat.com/security/cve/CVE-2024-8391
- https://bugzilla.redhat.com/show_bug.cgi?id=2309758
- https://github.com/eclipse-vertx/vertx-grpc/issues/113
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/31
- https://access.redhat.com/errata/RHSA-2025:0542