Veracode Vulnerability DatabaseVERACODE:36801Denial Of Service (DoS)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.001 Low
EPSS
Percentile
36.3%
artemis-core-client is vulnerable to denial of service. The vulnerability exists due to the Out of memory (OOM) condition in the encodeXid function of XidCodecSupport.java as the function does not properly encode the reading data, allowing an attacker to crash the application by providing a maliciously crafted message.
| CPE | Name | Operator | Version |
|---|---|---|---|
| activemq artemis core client | le | 2.19.1 | |
| activemq artemis core client | le | 2.19.1 |
References
access.redhat.com/security/cve/CVE-2021-4040
bugzilla.redhat.com/show_bug.cgi?id=2028254
github.com/advisories/GHSA-gf8c-j759-86mg
github.com/apache/activemq-artemis/commit/72a4fff1673477d78a85c415d48a2c74afda81fa
github.com/apache/activemq-artemis/pull/3862
github.com/apache/activemq-artemis/pull/3871
github.com/apache/activemq-artemis/pull/3871/commits
issues.apache.org/jira/browse/ARTEMIS-3593
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.001 Low
EPSS
Percentile
36.3%