CVE-2024-1635

Source
https://cve.org/CVERecord?id=CVE-2024-1635
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1635.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-1635
Aliases
Downstream
Published
2024-02-19T22:15:48.647Z
Modified
2026-02-07T04:25:27.807004Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens a connection to the HTTP port of the server and then closes it immediately, the server will eventually exhaust both its memory and its open file limits; how soon depends on the amount of memory available.

At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer around the remoting connection. The remoting connection is unaware of this outermost layer when it closes during the connection-opening procedure, so the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to the XNIO WorkerThread. The WorkerThread therefore retains a reference to the Undertow conduit, which in turn holds the connections, and this is what causes the leak.

References

Affected packages

Git / github.com/libfuse/libfuse

Affected ranges

Type
GIT
Repo
https://github.com/libfuse/libfuse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other
debian_version_0_95-1
debian_version_1_0-1
fuse_0_9
fuse_0_95
start

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1635.json"

Git / gitlab.com/gnutls/gnutls

Affected ranges

Type
GIT
Repo
https://gitlab.com/gnutls/gnutls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other
gnutls-0-0-7
gnutls-0-1-0-srp
gnutls-0_1_2
gnutls0-0-4
gnutls0-0-5
gnutls0-0-6
gnutls_0_1_4
gnutls_0_1_9
gnutls_0_2_0
gnutls_0_2_1
gnutls_0_2_10
gnutls_0_2_11
gnutls_0_2_2
gnutls_0_2_3
gnutls_0_2_4
gnutls_0_2_9
gnutls_0_2_90
gnutls_0_2_91
gnutls_0_3_0
gnutls_0_3_1
gnutls_0_3_2
gnutls_0_3_90
gnutls_0_3_91
gnutls_0_3_92
gnutls_0_4_0
gnutls_0_4_1
gnutls_0_4_2
gnutls_0_4_3
gnutls_0_4_with_libtasn1
gnutls_0_5_0
gnutls_0_5_1
gnutls_0_5_10
gnutls_0_5_11
gnutls_0_5_4
gnutls_0_5_5
gnutls_0_5_6
gnutls_0_5_7
gnutls_0_5_8
gnutls_0_5_9
gnutls_0_5_x_before_export_ciphersuites
gnutls_0_5_x_before_int_fixes
gnutls_0_5_x_before_types_change
gnutls_0_5_x_with_export_ciphersuites
gnutls_0_6_0
gnutls_0_8_0
gnutls_0_8_1
gnutls_0_9_1
gnutls_0_9_2
gnutls_0_9_3
gnutls_0_9_4
gnutls_0_9_5
gnutls_0_9_6
gnutls_0_9_7
gnutls_0_9_8
gnutls_0_9_90
gnutls_0_9_91
gnutls_0_9_92
gnutls_0_9_93
gnutls_0_9_94
gnutls_0_9_95
gnutls_0_9_96
gnutls_0_9_97
gnutls_0_9_98
gnutls_0_9_99
gnutls_1_0_0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1635.json"