REDHAT-BUG-2347319
First published: Mon Feb 24 2025(Updated: )
This vulnerability affects all currently maintained versions of the quarkus-resteasy extension. Applications exposing REST endpoints using this extension are susceptible to attacks where an adversary can intentionally cause client timeouts, leading to memory exhaustion and application failure. The issue has been addressed in a recent fix, and users are advised to update their dependencies accordingly.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Quarkus RESTEasy | < |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2347319?
The severity of REDHAT-BUG-2347319 is high due to the potential for memory exhaustion and application failure.
How do I fix REDHAT-BUG-2347319?
To fix REDHAT-BUG-2347319, you should update your quarkus-resteasy extension to the latest patched version provided by Red Hat.
Who is affected by REDHAT-BUG-2347319?
All currently maintained versions of the quarkus-resteasy extension in applications exposing REST endpoints are affected by REDHAT-BUG-2347319.
What type of attacks can be executed due to REDHAT-BUG-2347319?
Due to REDHAT-BUG-2347319, attackers can exploit client timeouts to cause memory exhaustion in applications.
What software component does REDHAT-BUG-2347319 affect?
REDHAT-BUG-2347319 affects the Red Hat quarkus-resteasy extension for building RESTful web services.
- agent/first-publish-date
- agent/type
- agent/severity
- agent/source
- agent/description
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/references
- agent/last-modified-date
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-1634
- vendor/red hat
- canonical/red hat quarkus resteasy