CVE-2019-0222

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache ActiveMQ
Vendor: CVE Published:; 28 March 2019

Summary

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

Affected Version(s)

Apache ActiveMQ Apache ActiveMQ 5.0.0 - 5.15.8

References

https://lists.apache.org/thread.html/2b5c0039197a4949f29e...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/7da9636557118178b169...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/d1e334bd71d6e68462c6...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2019
Vulnerability Reserved
Nov 14, 2018

.