Red Hat · Hornetq · CVE-2017-12174
**Name of the Vulnerable Software and Affected Versions**
HornetQ versions prior to 2.4.0
Artemis versions prior to 2.4.0
**Description**
The issue occurs when Artemis and HornetQ are configured with UDP discovery and JGroups discovery, and an unexpected multicast message is received, resulting in the creation of a huge byte array. This may lead to heap memory exhaustion, full GC, or OutOfMemoryError.
**Recommendations**
For HornetQ versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue.
For Artemis versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue.