Lucene search
+L

38 matches found

Github Security Blog
Github Security Blog
added 4 days ago8 views

Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder

Summary The StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, allowing an attacker to cause an OutOfMemoryError, leading to a Denial of Service. Details io.netty.handler.codec.stomp.StompSubframeDecoder implements the STOMP protocol. The...

7.5CVSS6.1AI score
Exploits0References2Affected Software1
OSV
OSV
added 4 days ago4 views

GHSA-VHCH-2WF3-M8RP Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder

Summary The StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, allowing an attacker to cause an OutOfMemoryError, leading to a Denial of Service. Details io.netty.handler.codec.stomp.StompSubframeDecoder implements the STOMP protocol. The...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-60063

Name of the Vulnerable Software and Affected Versions Netty affected versions not specified Description The io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame. While the maxLineLength parameter restricts the length of...

7.5CVSS6.1AI score
Exploits0References10
OSV
OSV
added 2026/07/09 12:51 p.m.2 views

OESA-2026-2922 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger...

8.1CVSS6.2AI score0.00844EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 5:47 a.m.5 views

BIT-ACTIVEMQ-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-49432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed...

7.5CVSS6.2AI score0.00844EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a...

7.5CVSS6.2AI score0.00796EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/30 12:25 p.m.4 views

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via the STOMP protocol when a remote unauthenticated peer sends a negative content-length value. An attacker can exhaust system resources or force abnormal connection closure by continuously streamin...

7.5CVSS6AI score0.00844EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 a.m.13 views

CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS0.00844EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.6 views

UBUNTU-CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 9:54 a.m.16 views

CVE-2026-49432

CVE-2026-49432 affects Apache ActiveMQ, including ActiveMQ All and ActiveMQ Stomp, due to improper input validation on STOMP exposure. A remote unauthenticated attacker can trigger denial-of-service by sending a negative content-length to an exposed STOMP connector. On the NIO STOMP transport, an...

7.5CVSS6AI score0.00844EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/30 9:54 a.m.8 views

EUVD-2026-40284

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6AI score0.00844EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 9:54 a.m.40 views

CVE-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

0.00844EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 9:54 a.m.3 views

CVE-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6.1AI score0.00844EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/30 9:49 a.m.45 views

CVE-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

0.00796EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 9:49 a.m.4 views

CVE-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.12 views

CVE-2026-40914

A flaw was found in Apache ActiveMQ Artemis STOMP. An authenticated user with send or consume permission on an address can change that address's routing-type even without createAddress. As a result, send or consume operations that should be rejected for an unsupported routing-type may succeed,...

4.3CVSS6AI score0.00372EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.15 views

Apache Artemis 2.0.0 < 2.54.0 Incorrect Authorization (CVE-2026-40914)

The version of Apache Artemis formerly Apache ActiveMQ Artemis installed on the remote host is affected by a vulnerability: - A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 3:39 p.m.4 views

GHSA-RF99-F9J2-GV3F Apache Artemis has an Incorrect Authorization issue

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS5.7AI score0.00372EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/05/28 2:42 p.m.6 views

com.io7m.jsay:com.io7m.jsay (>=0.0.2 <=1.0.0), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +6 more potentially affected by CVE-2026-40914 via org.apache.activemq:artemis-stomp-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-stomp-protocol MAVEN version =2.0.0, =0.0.2, =1.14.2, =4.2.8, =2.0.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17116517...

4.3CVSS5.4AI score0.00372EPSS
Exploits0
Rows per page
Query Builder