CVSS3: 5.3 Medium

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | LOW |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS: 0.001 Low (Percentile: 36.3%)

artemis-core-client is vulnerable to denial of service. The vulnerability exists due to an out-of-memory (OOM) condition in the `encodeXid` function of `XidCodecSupport.java`, as the function does not properly encode the data being read, allowing an attacker to crash the application by providing a maliciously crafted message.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | activemq artemis core client | le | 2.19.1 |

access.redhat.com/security/cve/CVE-2021-4040
bugzilla.redhat.com/show_bug.cgi?id=2028254
github.com/advisories/GHSA-gf8c-j759-86mg
github.com/apache/activemq-artemis/commit/72a4fff1673477d78a85c415d48a2c74afda81fa
github.com/apache/activemq-artemis/pull/3862
github.com/apache/activemq-artemis/pull/3871
github.com/apache/activemq-artemis/pull/3871/commits
issues.apache.org/jira/browse/ARTEMIS-3593