CVE-2018-12541 is a vulnerability in Eclipse Vert X
Published on October 10, 2018
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
Weakness Type
What is a Stack Exhaustion Vulnerability?
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
CVE-2018-12541 has been classified to as a Stack Exhaustion vulnerability or weakness.
Products Associated with CVE-2018-12541
Want to know whenever a new CVE is published for Eclipse Vert X? stack.watch will email you.
Affected Versions
The Eclipse Foundation Eclipse Vert.x:- Version 3.0 and below unspecified is affected.
- Version unspecified, <= 3.5.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.