It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:0268 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0269 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0270 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0271 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0275 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0478 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0479 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0480 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0481 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174 | Issue Tracking Vendor Advisory |
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E | |
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
12 Feb 2023, 23:27
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Jan 2021, 16:37
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:hornetq:2.4.0:*:*:*:*:*:*:* |
cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:hornetq:*:*:*:*:*:*:*:* |
References | (MLIST) https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E - Mailing List, Vendor Advisory |
27 Jan 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-03-07 22:29
Updated : 2023-12-10 12:30
NVD link : CVE-2017-12174
Mitre link : CVE-2017-12174
CVE.ORG link : CVE-2017-12174
JSON object : View
Products Affected
redhat
- jboss_enterprise_application_platform
- hornetq
- enterprise_linux
apache
- activemq_artemis
CWE
CWE-400
Uncontrolled Resource Consumption