CVE-2024-41172
July 19, 2024, 1:01 p.m.
Tags
Product(s) Impacted
Apache CXF
- before 3.6.4
- before 4.0.5
Description
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
Weaknesses
CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
CWE ID: 401Date
Published: July 19, 2024, 9:15 a.m.
Last Modified: July 19, 2024, 1:01 p.m.
Status : Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@apache.org
References
security@apache.org