CVE-2024-1023 MEDIUM

CVE-2024-1023: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vert.x

Vendor Red Hat
Product CEQ 3.2
Weakness CWE-401
Published March 27, 2024
Last update November 7, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to its use of Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server that accepts arbitrary internet addresses and connects to them could serve as an attack vector, because those connections accelerate the memory leak.

Key dates

02 Disclosure timeline

March 27, 2024 CVE published
November 7, 2025 Record updated