CVE-2025-1634

Published: Feb 26, 2025Modified: Apr 20, 2026Deferred

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: secalert@redhat.com (Secondary)

Description

A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (10)

https://access.redhat.com/errata/RHSA-2025:12511

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:1884

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:1885

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:2067

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:23417

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:9922

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2025-1634

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2347319

Source: secalert@redhat.com

https://github.com/quarkusio/quarkus/issues/46412

Source: secalert@redhat.com

https://github.com/quarkusio/quarkus/pull/46419

Source: secalert@redhat.com

Timeline

No history available yet.