Okta Java Management SDK Improper Memory Cleanup Vulnerability Leading to Denial-of-Service

Vulnerability

A resource management vulnerability has been identified in the Okta Java Management SDK, affecting versions from 21.0.0 up to, but not including, 24.0.0. In certain multithreaded usage patterns, worker threads created to service a request are not terminated once the request completes, so each request leaves a thread behind. Because the leaked threads are never reclaimed, long-running applications accumulate them under sustained load, degrading performance and availability and potentially ending in a denial-of-service condition.

Impact

The vulnerability produces a thread leak, and with it a memory leak: threads that have finished their work stay alive and idle, each retaining its stack and any objects it still references. In a long-running application the count grows with the number of requests served, steadily consuming heap, native thread stacks and OS thread handles, until the process hits a thread limit or runs out of memory and can no longer serve requests.

Reproduction

To reproduce this vulnerability, use an Okta Java Management SDK version from 21.0.0 up to, but not including, 24.0.0. Run a long-lived application that issues many requests through ApiClient from multiple threads. Record the JVM's live thread count and memory usage at intervals (for example by comparing successive thread dumps, or by polling the platform ThreadMXBean) as requests are processed: the thread count and memory footprint keep rising with the number of requests served and never return to their baseline after the work has finished, which is the signature of the improper thread cleanup.
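The following harness, an added example and not code from the SDK or from Okta, shows how to measure this kind of leak from inside the JVM. It snapshots the live thread IDs via ThreadMXBean, runs a workload a fixed number of times and counts the threads that exist afterwards but did not exist before. The two workloads are stand-ins for a request made through the SDK (the Request hook and both workload methods are assumptions for illustration): the leaky one creates a per-request thread pool and never shuts it down, which is a representative instance of the bug class described above, not a claim about the SDK's actual implementation; the fixed one shuts the pool down so its worker exits.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadMXBean;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

/**
 * Counts worker threads that outlive the requests they served.
 * The workloads are an illustration of the bug class described in the
 * advisory (assumed for this example), not the Okta SDK's own code.
 */
public class ThreadLeakCheck {

    /** Hypothetical stand-in for one request issued through the SDK's ApiClient. */
    @FunctionalInterface
    interface Request {
        void run() throws Exception;
    }

    /**
     * Leaky pattern: a per-request pool that is never shut down. Once the
     * task completes, the worker thread parks on the empty queue and stays
     * alive for the rest of the process. One thread is leaked per call.
     */
    static void leakyRequest() throws Exception {
        ExecutorService perCall = Executors.newFixedThreadPool(1);
        perCall.submit(() -> "simulated HTTP response").get();
        // Missing: perCall.shutdown();
    }

    /** Corrected pattern: shut the pool down so its worker thread exits. */
    static void fixedRequest() throws Exception {
        ExecutorService perCall = Executors.newFixedThreadPool(1);
        try {
            perCall.submit(() -> "simulated HTTP response").get();
        } finally {
            perCall.shutdown();
            perCall.awaitTermination(5, TimeUnit.SECONDS);
        }
    }

    /**
     * Snapshots live thread IDs, runs the workload the given number of times,
     * and returns how many threads are alive afterwards that were not alive before.
     */
    static int threadsLeakedBy(Request request, int iterations) throws Exception {
        ThreadMXBean mx = ManagementFactory.getThreadMXBean();
        Set<Long> before = new HashSet<>();
        for (long id : mx.getAllThreadIds()) {
            before.add(id);
        }

        for (int i = 0; i < iterations; i++) {
            request.run();
        }
        Thread.sleep(200); // let properly terminated workers drop out of the live set

        int leaked = 0;
        for (long id : mx.getAllThreadIds()) {
            if (!before.contains(id)) {
                leaked++;
            }
        }
        return leaked;
    }

    public static void main(String[] args) throws Exception {
        int n = 50;
        System.out.println("leaky workload: " + threadsLeakedBy(ThreadLeakCheck::leakyRequest, n)
                + " threads left over after " + n + " requests");
        System.out.println("fixed workload: " + threadsLeakedBy(ThreadLeakCheck::fixedRequest, n)
                + " threads left over after " + n + " requests");
        // The leaked workers are non-daemon threads, so without this call the JVM
        // would never exit: the same property that keeps them alive in a service.
        System.exit(0);
    }
}
```

Run it with `java ThreadLeakCheck.java` (JDK 11 or later). The leaky workload reports roughly one leftover thread per request, the fixed one reports none (the exact numbers can differ by a thread or two because the JVM starts some of its own threads lazily). To check a real deployment, replace the stand-in with the application's actual SDK call and run the measurement against the affected and the patched SDK version; the thread count should stop growing after the upgrade.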

Remediation

Upgrade the Okta Java Management SDK to version 24.0.1 or later.

Added: Dec 10, 2025, 10:24 PM
Updated: Dec 10, 2025, 11:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.