CVE-2021-4040

2022-08-2416:15:09

CWE-787

CWE-400

redhat

web.nvd.nist.gov

amq broker

cve-2021-4040

flaw

oom condition

system availability

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

4.8

Confidence

High

EPSS

0.003

Percentile

68.6%

JSON

A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.

Affected configurations

Nvd

Vulners

Node

redhatamq_brokerRange<7.10.0

Node

apacheactivemq_artemisRange<2.19.1

VendorProductVersionCPE
redhatamq_broker*cpe:2.3:a:redhat:amq_broker:*:*:*:*:*:*:*:*
apacheactivemq_artemis*cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	amq_broker	*	cpe:2.3:a:redhat:amq_broker::::::::
apache	activemq_artemis	*	cpe:2.3:a:apache:activemq_artemis::::::::

CNA Affected

[
  {
    "product": "AMQ Broker",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in v2.19.1, v2.20.0"
      }
    ]
  }
]