CVE-2024-41172

July 19, 2024, 1:01 p.m.

Product(s) Impacted

Apache CXF

  • before 3.6.4
  • before 4.0.5

Description

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected. Memory consumption may then continue to increase, eventually causing the application to run out of memory.

Weaknesses

CWE-401
Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CWE ID: 401

Date

Published: July 19, 2024, 9:15 a.m.

Last Modified: July 19, 2024, 1:01 p.m.

Status: Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@apache.org

References