Apache · Apache ActiveMQ · CVE-2026-40046
Name of the Vulnerable Software and Affected Versions
Apache ActiveMQ versions 6.0.0 through 6.1.8, 6.2.0, and prior to 5.19.2
Description
An integer overflow or wraparound issue exists in Apache ActiveMQ when decoding malformed MQTT packets. It is caused by improper validation of the Remaining Length field in the fixed header of MQTT control packets, which can lead to misinterpretation of the payload and unexpected broker behavior when interacting with non-compliant clients. Such packets violate the MQTT v3.1.1 specification, which limits the Remaining Length encoding to a maximum of 4 bytes, and the affected broker does not enforce that limit. The scenario occurs on established connections after authentication. Brokers not using MQTT transport connectors are not impacted.
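The Remaining Length decoding referred to above, as an added example that is not ActiveMQ's code: a strict decoder that enforces the spec's 4-byte limit, a hypothetical lenient decoder using 32-bit arithmetic that shows how an over-long encoding can be misread as a small length, and a fixed-header check that compares the declared length with the bytes actually present. All packet bytes are constructed for the demonstration.

```python
# Added example, not Apache ActiveMQ code. Strict MQTT v3.1.1 Remaining Length
# decoding (4-byte limit, spec section 2.2.3) beside a hypothetical lenient
# decoder with 32-bit wraparound; all packets are constructed for the demo.

MAX_REMAINING_LENGTH_BYTES = 4
MAX_REMAINING_LENGTH = 268_435_455  # encoded as 0xFF 0xFF 0xFF 0x7F


class MalformedPacket(ValueError):
    """The fixed header cannot be decoded according to MQTT v3.1.1."""


def decode_remaining_length(data: bytes, offset: int = 1) -> tuple[int, int]:
    """Strict decoder: returns (value, bytes consumed) or raises MalformedPacket."""
    value, multiplier, consumed = 0, 1, 0
    while True:
        if offset + consumed >= len(data):
            raise MalformedPacket("truncated Remaining Length")
        byte = data[offset + consumed]
        consumed += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:  # continuation bit clear: this was the last byte
            return value, consumed
        if consumed == MAX_REMAINING_LENGTH_BYTES:
            raise MalformedPacket("Remaining Length exceeds 4 bytes")
        multiplier *= 128


def lenient_decode_u32(data: bytes, offset: int = 1) -> int:
    """Hypothetical lenient decoder: unbounded loop with 32-bit wraparound."""
    value, multiplier, i = 0, 1, offset
    while True:
        byte, i = data[i], i + 1
        value = (value + (byte & 0x7F) * multiplier) & 0xFFFFFFFF
        if not byte & 0x80:
            return value
        multiplier = (multiplier * 128) & 0xFFFFFFFF


def parse_fixed_header(packet: bytes) -> dict:
    """Decode type, flags and Remaining Length, then check that the bytes
    present match the declared length before any payload parsing."""
    if not packet:
        raise MalformedPacket("empty packet")
    remaining, consumed = decode_remaining_length(packet, 1)
    if len(packet) - 1 - consumed != remaining:
        raise MalformedPacket("declared length does not match bytes present")
    return {"type": packet[0] >> 4, "flags": packet[0] & 0x0F,
            "remaining_length": remaining, "header_length": 1 + consumed}
```

With five continuation bytes (0x80 0x80 0x80 0x80 0x10) the lenient decoder returns 0 because 0x10 * 128**4 wraps to 2**32, while the strict decoder rejects the packet at the fourth byte.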
Recommendations
Upgrade to version 5.19.2 or later.
Upgrade to version 6.1.9.
Upgrade to version 6.2.1.
Upgrade to version 6.2.4 or later.