Lucene search
Veracode Vulnerability DatabaseVERACODE:36801HistoryAug 25, 2022 - 3:21 a.m.
Denial Of Service (DoS)
2022-08-2503:21:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
denial of service
vulnerability
out of memory
xidcodecsupport.java
encodexid function
artemis-core-client
crash
malicious message
EPSS
0.003
Percentile
68.6%
artemis-core-client is vulnerable to denial of service. The vulnerability exists due to the Out of memory (OOM) condition in the encodeXid function of XidCodecSupport.java as the function does not properly encode the reading data, allowing an attacker to crash the application by providing a maliciously crafted message.
References
access.redhat.com/security/cve/CVE-2021-4040
bugzilla.redhat.com/show_bug.cgi?id=2028254
github.com/advisories/GHSA-gf8c-j759-86mg
github.com/apache/activemq-artemis/commit/72a4fff1673477d78a85c415d48a2c74afda81fa
github.com/apache/activemq-artemis/pull/3862
github.com/apache/activemq-artemis/pull/3871
github.com/apache/activemq-artemis/pull/3871/commits
issues.apache.org/jira/browse/ARTEMIS-3593
Related
nvd
nvd
CVE-2021-4040
2022-08-24 16:15:09
osv
osv
CVE-2021-4040
2022-08-24 16:15:09
org.apache.activemq:artemis-core-client Vulnerable to Out-of-Bounds Write
2022-08-25 00:00:27
cvelist
cvelist
CVE-2021-4040
2022-08-24 15:13:07
prion
prion
Design/Logic Flaw
2022-08-24 16:15:00
redhatcve
redhatcve
CVE-2021-4040
2021-12-02 11:51:38
github
github
org.apache.activemq:artemis-core-client Vulnerable to Out-of-Bounds Write
2022-08-25 00:00:27
cve
cve
CVE-2021-4040
2022-08-24 16:15:09
redhat
redhat