CVE-2018-12541: Buffer Overflow
First published: Wed Oct 10 2018(Updated: )
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Vert.x | >=3.0.0<3.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2018:2946
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=539170
- https://github.com/eclipse-vertx/vert.x/issues/2648
- https://lists.apache.org/thread.html/r01123837ffbfdf5809e0a4ac354ad546e4ca8f18df89ee5a10eeb81b@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r11789cd6d67ecca2d6f6bbb11e34495e68ee99287b6c59edf5b1a09c@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r1af71105539fe01fcecb92d2ecd8eea56c515fb1c80ecab4df424553@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r344235b1aea2f7fa2381495df1d77d02b595e3d7e4626e701f7c1062@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r362835e6c7f34324ed24e318b363fcdd20cea91d0cea0b2e1164f73e@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r3da899890536af744dec897fbc561fd9810ac45e79a16164b53c31b2@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r79789a0afb184abd13a2c07016e6e7ab8e64331f332b630bf82a2eed@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r8db0431ecf93f2dd2128db5ddca897b33ba883b7f126648d6a9e4c47@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r98dc06e2b1c498d0e9eb5038d8e1aefd24e411e50522e7082dd9e0b7@%3Ccommits.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rbdc279ecdb7ac496a03befb05a53605c4ce2b67e14f8f4df4cfa1203@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/re5ddabee26fbcadc7254d03a5a073d64080a9389adc9e452529664ed@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/reb3cc4f3e10264896a541813c0030ec9d9466ba9b722fe5d4adc91cd@%3Cissues.bookkeeper.apache.org%3E
- https://github.com/eclipse-vertx/vert.x/commit/269a583330695d1418a4f5578f7169350b2e1332
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://access.redhat.com/errata/RHSA-2020:3192
- https://bugzilla.redhat.com/show_bug.cgi?id=1638391
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r344235b1aea2f7fa2381495df1d77d02b595e3d7e4626e701f7c1062%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r362835e6c7f34324ed24e318b363fcdd20cea91d0cea0b2e1164f73e%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/re5ddabee26fbcadc7254d03a5a073d64080a9389adc9e452529664ed%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r8db0431ecf93f2dd2128db5ddca897b33ba883b7f126648d6a9e4c47%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r3da899890536af744dec897fbc561fd9810ac45e79a16164b53c31b2%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r11789cd6d67ecca2d6f6bbb11e34495e68ee99287b6c59edf5b1a09c%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rbdc279ecdb7ac496a03befb05a53605c4ce2b67e14f8f4df4cfa1203%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r1af71105539fe01fcecb92d2ecd8eea56c515fb1c80ecab4df424553%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r79789a0afb184abd13a2c07016e6e7ab8e64331f332b630bf82a2eed%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/reb3cc4f3e10264896a541813c0030ec9d9466ba9b722fe5d4adc91cd%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r01123837ffbfdf5809e0a4ac354ad546e4ca8f18df89ee5a10eeb81b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r98dc06e2b1c498d0e9eb5038d8e1aefd24e411e50522e7082dd9e0b7%40%3Ccommits.bookkeeper.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2018-12541?
CVE-2018-12541 has a severity rating that indicates a vulnerability in how Eclipse Vert.x handles WebSocket HTTP upgrades.
How do I fix CVE-2018-12541?
To fix CVE-2018-12541, upgrade Eclipse Vert.x to version 3.5.4 or later.
What versions of Eclipse Vert.x are affected by CVE-2018-12541?
Eclipse Vert.x versions from 3.0.0 to 3.5.3 are affected by CVE-2018-12541.
What impact does CVE-2018-12541 have on Eclipse Vert.x applications?
CVE-2018-12541 can lead to excessive memory usage due to unbounded buffering of WebSocket requests.
Is CVE-2018-12541 a critical vulnerability?
CVE-2018-12541 is not rated as critical, but it poses a significant risk due to potential resource exhaustion.
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-12541
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/eclipse
- canonical/eclipse vert.x
- version/eclipse vert.x/3.0.0