REDHAT-BUG-2298829
First published: Fri Jul 19 2024(Updated: )
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache CXF | <3.6.4<4.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2298829?
The severity of REDHAT-BUG-2298829 is considered to be high due to potential memory leaks leading to application crashes.
How do I fix REDHAT-BUG-2298829?
To fix REDHAT-BUG-2298829, upgrade Apache CXF to version 3.6.4 or higher, or 4.0.5 or higher.
Which versions of Apache CXF are affected by REDHAT-BUG-2298829?
Versions of Apache CXF before 3.6.4 and 4.0.5 are affected by REDHAT-BUG-2298829.
What are the consequences of ignoring REDHAT-BUG-2298829?
Ignoring REDHAT-BUG-2298829 may lead to increased memory consumption and eventually cause the application to run out of memory.
Is REDHAT-BUG-2298829 specific to any operating system?
REDHAT-BUG-2298829 is specific to the Apache CXF library and is not limited to any specific operating system.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-41172
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache cxf