RUSTSEC-2022-0068 out-of-bounds read possible when setting list-of-pointers

If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the consumer to read out-of-bounds memory. This could trigger a process crash in the consumer, or in some cases could allow...

The vulnerability of the JMSMessageConsumer component of the software for transmitting large volumes of streaming data via Apache Flume allows a attacker to execute arbitrary code.

The vulnerability of the JMSMessageConsumer component in the Apache Flume software for processing large volumes of streaming data exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

PT-2022-4369 · Apache · Apache Flume

Name of the Vulnerable Software and Affected Versions: Apache Flume versions 1.4.0 through 1.10.0 Description: The issue allows for a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI, and an attacker has control of the target LDAP server. Th...