PT-2018-5378 · Apache+1 · Artemis+1

Bharti Kundal

Publicado

2018-03-07

Atualizado

2026-06-15

CVE-2017-12174

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions HornetQ versions prior to 2.4.0 Artemis versions prior to 2.4.0

Description The issue occurs when Artemis and HornetQ are configured with UDP discovery and JGroups discovery, and an unexpected multicast message is received, resulting in the creation of a huge byte array. This may lead to heap memory exhaustion, full GC, or OutOfMemoryError.

Recommendations For HornetQ versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. For Artemis versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue.

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

CVE-2017-12174

GHSA-GC96-H5PR-839J

RHSA-2018:0268

RHSA-2018:0270

RHSA-2018:0271

RHSA-2018:0275

RHSA-2018:0479

RHSA-2018:0480

RHSA-2018:0481

Produtos afetados

Artemis

Hornetq

PT-2018-5378 · Apache+1 · Artemis+1

CVE-2017-12174

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18