CVE-2024-41172

July 19, 2024, 1:01 p.m.

Tags

security@apache.org
CWE-401
2024-07-19
CVE-2024-41172

Product(s) Impacted

Apache CXF

  • before 3.6.4
  • before 4.0.5

Description

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory

Weaknesses

CWE-401
Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CWE ID: 401

Date

Published: July 19, 2024, 9:15 a.m.

Last Modified: July 19, 2024, 1:01 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@apache.org

References

https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
security@apache.org