CVE-2025-2240 | THREATINT

Description

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.

PUBLISHED Reserved 2025-03-12 | Published 2025-03-12 | Updated 2025-11-24 | Assigner redhat

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Improperly Controlled Sequential Memory Allocation

Product status

Default status

unaffected

6.3.0 (semver) before 6.4.2

affected

6.5.0 (semver) before 6.9.0

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Default status

unaffected

Default status

unknown

Default status

affected

Default status

affected

Default status

unaffected

Default status

unaffected

Timeline

2025-03-12:	Reported to Red Hat.
2025-03-12:	Made public.

References

access.redhat.com/errata/RHSA-2025:3376 (RHSA-2025:3376) vendor-advisory

access.redhat.com/errata/RHSA-2025:3541 (RHSA-2025:3541) vendor-advisory

access.redhat.com/errata/RHSA-2025:3543 (RHSA-2025:3543) vendor-advisory

access.redhat.com/security/cve/CVE-2025-2240 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2351452 (RHBZ#2351452) issue-tracking

github.com/advisories/GHSA-gfh6-3pqw-x2j4

cve.org (CVE-2025-2240)

nvd.nist.gov (CVE-2025-2240)

Download JSON

help @ threatint.eu