Unmarshal Issues in Apache ActiveMQ MQTT Broker
CVE-2019-0222

7.5 HIGH

Key Information:

Vendor: Apache
CVE Published: 28 March 2019

Summary

In specific versions of Apache ActiveMQ, a vulnerability exists that allows corrupt MQTT frames to be processed during unmarshalling, potentially leading to an Out of Memory exception in the broker. This can result in the broker becoming unresponsive, disrupting service and impacting applications that rely on message queuing. It is crucial for users of affected versions to apply updates or mitigations as provided by Apache to prevent such disruptions.

Affected Version(s)

Apache ActiveMQ 5.0.0 - 5.15.8

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
