VDB
CVE-2018-12541
CVE-2018-12541
PUBLISHED
Reported by eclipse · Published October 10, 2018
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Eclipse Foundation | Eclipse Vert.x | 3.0, unspecified |
| Maven | io.vertx:vertx-core | 3.0.0, 3.0.0 |
| The Eclipse Foundation | Eclipse Vert.x | unspecified, 3.0, 3.0 |
Timeline
- Oct 10, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Apr 19, 2021 EPSS Score
- Apr 20, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- RHSA-2018:2946 vendor-advisoryx_refsource_REDHAT
- [pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list mailing-listx_refsource_MLIST
- [pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 mailing-listx_refsource_MLIST
- [bookkeeper-issues] 20210419 [GitHub] [bookkeeper] lhotari opened a new pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 mailing-listx_refsource_MLIST
- [pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 mailing-listx_refsource_MLIST
- [pulsar-commits] 20210419 [pulsar] branch master updated: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 (#10261) mailing-listx_refsource_MLIST
- [pulsar-commits] 20210419 [GitHub] [pulsar] lhotari edited a comment on pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 mailing-listx_refsource_MLIST
- [pulsar-commits] 20210419 [GitHub] [pulsar] eolivelli merged pull request #10261: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 mailing-listx_refsource_MLIST
- [bookkeeper-issues] 20210421 [GitHub] [bookkeeper] lhotari commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 mailing-listx_refsource_MLIST
- [bookkeeper-issues] 20210507 [GitHub] [bookkeeper] dlg99 commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 mailing-listx_refsource_MLIST
- [pulsar-commits] 20210513 [pulsar] 30/46: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 (#10261) mailing-listx_refsource_MLIST
- [bookkeeper-issues] 20210618 [GitHub] [bookkeeper] lhotari commented on pull request #2693: [Security] Upgrade vertx to 3.9.8, addresses CVE-2018-12541 mailing-listx_refsource_MLIST
- [bookkeeper-issues] 20210623 [GitHub] [bookkeeper] sijie merged pull request #2693: [Security] Upgrade vertx to 3.9.8, addresses CVE-2018-12541 mailing-listx_refsource_MLIST
- [bookkeeper-commits] 20210817 [bookkeeper] 01/03: [Security] Upgrade vertx to 3.9.8, addresses CVE-2018-12541 (#2693) mailing-listx_refsource_MLIST
- https://nvd.nist.gov/vuln/detail/CVE-2018-12541 advisory
- https://github.com/advisories/GHSA-45xm-v8gq-7jqx advisory