2 matches found
CVE-2025-27533
CVE-2025-27533 in Apache ActiveMQ stems from unchecked buffer length during OpenWire unmarshalling, allowing excessive memory allocation and DoS. Affected versions include 6.0.0–6.1.5, 5.18.0–5.18.6, 5.17.0–5.17.6, 5.16.0–5.16.7; 5.19.0 is not affected. If not using mutual TLS, brokers may be vul...
CVE-2023-46604
CVE-2023-46604 – Apache ActiveMQ OpenWire deserialization RCE has concrete details in connected sources: the Java OpenWire protocol marshaller is vulnerable to remote code execution. A remote attacker with network access to a Java-based OpenWire broker or client can execute arbitrary shell comman...