GHSA-gc96-h5pr-839j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gc96-h5pr-839j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gc96-h5pr-839j/GHSA-gc96-h5pr-839j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gc96-h5pr-839j
- Aliases
- Published
- 2022-05-13T01:11:53Z
- Modified
- 2023-11-08T03:58:51.965867Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Uncontrolled Resource Consumption in Artemis and HornetQ
- Details
-
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
- Database specific
{ "nvd_published_at": "2018-03-07T22:29:00Z", "github_reviewed_at": "2022-07-01T21:42:10Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-400" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-12174
- https://access.redhat.com/errata/RHSA-2018:0268
- https://access.redhat.com/errata/RHSA-2018:0269
- https://access.redhat.com/errata/RHSA-2018:0270
- https://access.redhat.com/errata/RHSA-2018:0271
- https://access.redhat.com/errata/RHSA-2018:0275
- https://access.redhat.com/errata/RHSA-2018:0478
- https://access.redhat.com/errata/RHSA-2018:0479
- https://access.redhat.com/errata/RHSA-2018:0480
- https://access.redhat.com/errata/RHSA-2018:0481
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174
- https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E
Affected packages
Maven / org.hornetq:hornetq-server
Package
- Name
- org.hornetq:hornetq-server
- View open source insights on deps.dev
- Purl
- pkg:maven/org.hornetq/hornetq-server
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.0.Final
Affected versions
2.*
2.3.0.BETA2
2.3.0.BETA3
2.3.0.CR1
2.3.0.CR2
2.3.0.Final
2.3.1.Final
2.3.2.Final
2.3.3.Final
2.3.4.Final
2.3.5.Final
2.3.6.Final
2.3.7.Final
2.3.8.Final
2.3.9.Final
2.3.10.Final
2.3.11.Final
2.3.12.Final
2.3.13.Final
2.3.15.Final
2.3.17.Final
2.3.18.Final
2.3.19.Final
2.3.22.Final
2.3.23.Final
2.3.24.Final
2.3.25.Final
2.4.0.Alpha1
2.4.0.Beta1
2.4.0.Beta2
2.4.0.Beta3
Maven / org.apache.activemq:artemis-native
Package
- Name
- org.apache.activemq:artemis-native
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.activemq/artemis-native