Denial of Service Vulnerability in Apache Qpid by Remote Attackers
CVE-2012-4458
Currently unrated
Summary
The AMQP type decoder in Apache Qpid 0.20 and earlier is vulnerable to denial of service. By sending a large number of zero-width elements in the client-properties map of a 'connection.start-ok' message, a remote attacker can trigger excessive memory consumption, potentially crashing the server. The vulnerability poses a serious operational risk for any deployment running an affected version of Apache Qpid.