1. Home
  2. Vulnerabilities
  3. CVE-2024-41172

CVE-2024-41172

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.09 % (39th)
0.09% Progress
Affected Products 1
Advisories 1
NVD Status Analyzed
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory

Weaknesses
CWE-401
Missing Release of Memory after Effective Lifetime
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Apache Software Foundation
Published Date
2024-07-19 09:15:05
(2 months ago)
Updated Date
2024-08-07 20:16:45
(6 weeks ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Cxf from 3.6.0 version and prior 3.6.4 version cpe:2.3:a:apache:cxf >= 3.6.0 < 3.6.4
  Apache Cxf from 4.0.0 version and prior 4.0.5 version cpe:2.3:a:apache:cxf >= 4.0.0 < 4.0.5