Out-of-Memory Error in Spring AMQP Versions from VMware
CVE-2021-22095

6.5MEDIUM

Key Information:

Vendor: Vmware
Status: Spring AMQp
Vendor: CVE Published:; 30 November 2021

Summary

A vulnerability in Spring AMQP allows for the possibility of an Out-of-Memory (OOM) error when processing messages. This occurs in versions 2.2.0 through 2.2.19 and 2.3.0 through 2.3.11, where the 'toString()' method of the Spring AMQP Message object creates a new String object from the message body, without considering the size of the message. If a large message is processed, it can lead to excessive memory allocation and ultimately an OOM error, which may disrupt application performance and availability.

Affected Version(s)

Spring AMQP Spring AMQP versions 2.2.X prior to 2.2.20 and 2.3.x prior to 2.3.12 .

References

https://tanzu.vmware.com/security/cve-2021-22097

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2021
Vulnerability Reserved
Jan 4, 2021