CVE-2018-12541
Summary
| CVE | CVE-2018-12541 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-10 20:29:00 UTC |
| Updated | 2023-11-07 02:52:00 UTC |
| Description | In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | MLIST | lists.apache.org | |
| [pulsar-commits] 20210513 [pulsar] 30/46: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 (#10261) | lists.apache.org | ||
| 539170 – (CVE-2018-12541) WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake | CONFIRM | bugs.eclipse.org | Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Pony Mail! | lists.apache.org | ||
| [bookkeeper-issues] 20210618 [GitHub] [bookkeeper] lhotari commented on pull request #2693: [Security] Upgrade vertx to 3.9.8, addresses CVE-2018-12541 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [bookkeeper-issues] 20210623 [GitHub] [bookkeeper] sijie merged pull request #2693: [Security] Upgrade vertx to 3.9.8, addresses CVE-2018-12541 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| WebSocket upgrade request body limit · Issue #2648 · eclipse-vertx/vert.x · GitHub | CONFIRM | github.com | Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| [pulsar-commits] 20210419 [GitHub] [pulsar] eolivelli merged pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [bookkeeper-commits] 20210817 [bookkeeper] 01/03: [Security] Upgrade vertx to 3.9.8, addresses CVE-2018-12541 (#2693) | lists.apache.org | ||
| [bookkeeper-issues] 20210419 [GitHub] [bookkeeper] lhotari opened a new pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 | lists.apache.org | ||
| [pulsar-commits] 20210419 [GitHub] [pulsar] lhotari edited a comment on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [pulsar-commits] 20210419 [pulsar] branch master updated: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 (#10261) | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 | lists.apache.org | ||
| [bookkeeper-issues] 20210421 [GitHub] [bookkeeper] lhotari commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [bookkeeper-issues] 20210507 [GitHub] [bookkeeper] dlg99 commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 | lists.apache.org | ||
| [pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 | lists.apache.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 981498 Java (maven) Security Update for io.vertx:vertx-core (GHSA-45xm-v8gq-7jqx)