{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6875", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-07-18T05:05:19.468Z", "datePublished": "2025-03-28T20:34:30.859Z", "dateUpdated": "2025-08-13T12:23:18.763Z"}, "containers": {"cna": {"title": "Infinispan: infinispan: rest compare api has buffer leak", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "15.0.6", "versionType": "semver"}], "packageName": "infinispan", "collectionURL": "https://github.com/infinispan/infinispan", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Data Grid 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "infinispan", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_data_grid:8"]}, {"vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "packageName": "infinispan", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:jboss_data_grid:7"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-6875", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298555", "name": "RHBZ#2298555", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-03-28T20:30:20.461Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime", "timeline": [{"lang": "en", "time": "2024-07-18T05:02:24+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-03-28T20:30:20.461000+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-08-13T12:23:18.763Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-31T14:31:56.854512Z", "id": "CVE-2024-6875", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T14:32:06.785Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-31T14:31:56.854512Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T14:32:01.503Z"}}], "cna": {"title": "Infinispan: infinispan: rest compare api has buffer leak", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "15.0.6", "versionType": "semver"}], "packageName": "infinispan", "collectionURL": "https://github.com/infinispan/infinispan", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:8"], "vendor": "Red Hat", "product": "Red Hat Data Grid 8", "packageName": "infinispan", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:jboss_data_grid:7"], "vendor": "Red Hat", "product": "Red Hat JBoss Data Grid 7", "packageName": "infinispan", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-07-18T05:02:24+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-03-28T20:30:20.461000+00:00", "value": "Made public."}], "datePublic": "2025-03-28T20:30:20.461Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-6875", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298555", "name": "RHBZ#2298555", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-08-13T12:23:18.763Z"}, "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"}}, "cveMetadata": {"cveId": "CVE-2024-6875", "state": "PUBLISHED", "dateUpdated": "2025-08-13T12:23:18.763Z", "dateReserved": "2024-07-18T05:05:19.468Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-03-28T20:34:30.859Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en el componente Infinispan de Red Hat Data Grid. La API de comparaci\u00f3n REST podr\u00eda tener una fuga de b\u00fafer y un error de memoria insuficiente al enviar solicitudes continuas con grandes cantidades de datos POST a la API REST."}], "id": "CVE-2024-6875", "lastModified": "2025-04-01T20:26:30.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2025-03-28T21:15:17.400", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-6875"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298555"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"bugzilla": {"description": "infinispan: infinispan: REST compare API has buffer leak", "id": "2298555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298555"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API.", "A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API."], "name": "CVE-2024-6875", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Affected", "package_name": "infinispan", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Affected", "package_name": "infinispan", "product_name": "Red Hat JBoss Data Grid 7"}], "public_date": "2025-03-28T20:30:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-6875\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6875"], "statement": "The REST endpoint is secured (= authentication is required) by default\nin RHDG, so it is not possible for an anonymous attacker to utilize this issue.", "threat_severity": "Moderate"}