In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.
[
{
"product": "Apache Qpid Broker-J",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4"
}
]
}
]