artemis-core-client is vulnerable to denial of service. The vulnerability is caused by an out-of-memory (OOM) condition in the encodeXid function of XidCodecSupport.java: the function does not properly encode the data being read, allowing an attacker to crash the application by providing a maliciously crafted message.
access.redhat.com/security/cve/CVE-2021-4040
bugzilla.redhat.com/show_bug.cgi?id=2028254
github.com/advisories/GHSA-gf8c-j759-86mg
github.com/apache/activemq-artemis/commit/72a4fff1673477d78a85c415d48a2c74afda81fa
github.com/apache/activemq-artemis/pull/3862
github.com/apache/activemq-artemis/pull/3871
github.com/apache/activemq-artemis/pull/3871/commits
issues.apache.org/jira/browse/ARTEMIS-3593