Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistEclipseCVELIST:CVE-2020-27217
HistoryNov 13, 2020 - 7:30 p.m.

CVE-2020-27217

2020-11-1319:30:16
CWE-1284
eclipse
www.cve.org

0.001 Low

EPSS

Percentile

29.4%

JSON

In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception.

CNA Affected

[
  {
    "product": "Eclipse Hono",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "1.3.0"
      },
      {
        "status": "affected",
        "version": "1.4.0"
      }
    ]
  }
]

Related

cve 1
github 1
prion 1
osv 2
nvd 1
cve
cve
CVE-2020-27217
2020-11-13 20:15:16
github
github
Improper Validation of Specified Quantity in Input in Eclipse Hono
2022-02-10 20:22:06
prion
prion
Design/Logic Flaw
2020-11-13 20:15:00
osv
osv
Improper Validation of Specified Quantity in Input in Eclipse Hono
2022-02-10 20:22:06
CVE-2020-27217
2020-11-13 20:15:16
nvd
nvd
CVE-2020-27217
2020-11-13 20:15:16

0.001 Low

EPSS

Percentile

29.4%

JSON
Related for CVELIST:CVE-2020-27217
cve1github1prion1osv2nvd1