Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

2018-10-1619:50:39

Google

osv.dev

0.001 Low

EPSS

Percentile

21.4%

JSON

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.x before 7.1.0 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

CPENameOperatorVersion
org.apache.qpid:apache-qpid-broker-jeq7.0.8
org.apache.qpid:apache-qpid-broker-jeq7.0.4
org.apache.qpid:apache-qpid-broker-jeq7.0.1
org.apache.qpid:apache-qpid-broker-jeq7.0.5
org.apache.qpid:apache-qpid-broker-jeq7.0.9
org.apache.qpid:apache-qpid-broker-jeq7.0.3
org.apache.qpid:apache-qpid-broker-jeq7.0.6
org.apache.qpid:apache-qpid-broker-jeq7.0.0
org.apache.qpid:apache-qpid-broker-jeq7.0.7
org.apache.qpid:apache-qpid-broker-jeq7.0.2

Name	Operator	Version
org.apache.qpid:apache-qpid-broker-j	eq	7.0.8
org.apache.qpid:apache-qpid-broker-j	eq	7.0.4
org.apache.qpid:apache-qpid-broker-j	eq	7.0.1
org.apache.qpid:apache-qpid-broker-j	eq	7.0.5
org.apache.qpid:apache-qpid-broker-j	eq	7.0.9
org.apache.qpid:apache-qpid-broker-j	eq	7.0.3
org.apache.qpid:apache-qpid-broker-j	eq	7.0.6
org.apache.qpid:apache-qpid-broker-j	eq	7.0.0
org.apache.qpid:apache-qpid-broker-j	eq	7.0.7
org.apache.qpid:apache-qpid-broker-j	eq	7.0.2