Vulnerability Details : CVE-2018-12541
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
Vulnerability category: Overflow
Products affected by CVE-2018-12541
- cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-12541
0.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-12541
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2018-12541
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.Assigned by: emo@eclipse.org (Secondary)
References for CVE-2018-12541
-
https://lists.apache.org/thread.html/re5ddabee26fbcadc7254d03a5a073d64080a9389adc9e452529664ed@%3Ccommits.pulsar.apache.org%3E
[GitHub] [pulsar] lhotari opened a new pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r362835e6c7f34324ed24e318b363fcdd20cea91d0cea0b2e1164f73e@%3Cissues.bookkeeper.apache.org%3E
[GitHub] [bookkeeper] lhotari opened a new pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r8db0431ecf93f2dd2128db5ddca897b33ba883b7f126648d6a9e4c47@%3Ccommits.pulsar.apache.org%3E
[pulsar] branch master updated: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 (#10261) - Pony MailMailing List;Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
[GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/reb3cc4f3e10264896a541813c0030ec9d9466ba9b722fe5d4adc91cd@%3Cissues.bookkeeper.apache.org%3E
[GitHub] [bookkeeper] lhotari commented on pull request #2693: [Security] Upgrade vertx to 3.9.8, addresses CVE-2018-12541 - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r01123837ffbfdf5809e0a4ac354ad546e4ca8f18df89ee5a10eeb81b@%3Cissues.bookkeeper.apache.org%3E
[GitHub] [bookkeeper] sijie merged pull request #2693: [Security] Upgrade vertx to 3.9.8, addresses CVE-2018-12541 - Pony MailMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2946
RHSA-2018:2946 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/rbdc279ecdb7ac496a03befb05a53605c4ce2b67e14f8f4df4cfa1203@%3Cissues.bookkeeper.apache.org%3E
[GitHub] [bookkeeper] lhotari commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r98dc06e2b1c498d0e9eb5038d8e1aefd24e411e50522e7082dd9e0b7@%3Ccommits.bookkeeper.apache.org%3E
Pony Mail!Mailing List;Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/r79789a0afb184abd13a2c07016e6e7ab8e64331f332b630bf82a2eed@%3Ccommits.pulsar.apache.org%3E
[pulsar] 30/46: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 (#10261) - Pony MailMailing List;Patch;Third Party Advisory
-
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539170
539170 – (CVE-2018-12541) WebSocket HTTP upgrade implementation buffers the full http request before doing the handshakeVendor Advisory
-
https://lists.apache.org/thread.html/r11789cd6d67ecca2d6f6bbb11e34495e68ee99287b6c59edf5b1a09c@%3Ccommits.pulsar.apache.org%3E
[GitHub] [pulsar] eolivelli merged pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 - Pony MailMailing List;Third Party Advisory
-
https://github.com/eclipse-vertx/vert.x/issues/2648
WebSocket upgrade request body limit · Issue #2648 · eclipse-vertx/vert.x · GitHubThird Party Advisory
-
https://lists.apache.org/thread.html/r344235b1aea2f7fa2381495df1d77d02b595e3d7e4626e701f7c1062@%3Ccommits.pulsar.apache.org%3E
[GitHub] [pulsar] lhotari commented on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 - Pony MailMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r1af71105539fe01fcecb92d2ecd8eea56c515fb1c80ecab4df424553@%3Cissues.bookkeeper.apache.org%3E
Pony Mail!Mailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r3da899890536af744dec897fbc561fd9810ac45e79a16164b53c31b2@%3Ccommits.pulsar.apache.org%3E
[GitHub] [pulsar] lhotari edited a comment on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 - Pony MailMailing List;Patch;Third Party Advisory
Jump to