CVE-2019-0222

Опубликовано: 28 мар. 2019

Источник: debian

Описание

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

Пакет	Статус	Версия исправления	Релиз	Тип
activemq	fixed	5.15.9-1		package
activemq	not-affected		jessie	package
mqtt-client	fixed	1.16-1		package
mqtt-client	fixed	1.14-1+deb10u1	buster	package

http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
activemq disabled MQTT transport in 5.6.0+dfsg-1 (d/patches/exclude_mqtt.diff)
but enabled activemq-mqtt in 5.13.2+dfsg-2 using the external mqtt-client.
https://github.com/fusesource/mqtt-client/commit/2898f10be758decdc85ba6c523cb5be6b9092855 (mqtt-client-project-1.15)

CVE-2019-0222

CVSS3: 7.5

ubuntu

почти 7 лет назад

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

CVE-2019-0222

CVSS3: 5.9

redhat

почти 7 лет назад

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

CVE-2019-0222

CVSS3: 7.5

nvd

почти 7 лет назад

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

GHSA-jpv3-g4cc-6vfx

CVSS3: 7.5

github

почти 7 лет назад

Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client

BDU:2020-02211

CVSS3: 7.5

fstec

почти 6 лет назад

Уязвимость реализации протокола MQTT программной платформы Apache ActiveMQ, позволяющая нарушителю вызвать отказ в обслуживании