Red Hat build of Quarkus
cpe:2.3:a:redhat:build_of_quarkus:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Quarkus RESTEasy extension. When client requests are made with short timeouts, buffers are not released correctly. Memory consumption grows as a result, which can lead to an application crash due to an OutOfMemoryError.
Exploitation of this vulnerability causes a memory leak that can exhaust available memory, leading to an OutOfMemoryError and a complete application crash. In production environments, this poses a significant risk to service availability, especially for applications managing multiple concurrent requests.
Users can upgrade to Red Hat build of Quarkus 3.15.3.SP1 or Red Hat build of Quarkus 3.8.6.SP3, both of which include the necessary fix. Instructions for applying this update are available on the Red Hat Customer Portal.