It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174 | Issue Tracking Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0275 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0271 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0270 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0269 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0268 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0481 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0480 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0479 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:0478 | Vendor Advisory |
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E | |
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Information
Published : 2018-03-07 14:29
Updated : 2023-02-12 15:27
NVD link : CVE-2017-12174
Mitre link : CVE-2017-12174
JSON object : View
CWE
CWE-400
Uncontrolled Resource Consumption
Products Affected
redhat
- jboss_enterprise_application_platform
- enterprise_linux
- hornetq
apache
- activemq_artemis