CVE-2018-8030

Name of the Vulnerable Software and Affected Versions: Apache Qpid Broker-J versions 7.0.0 through 7.0.4 Apache Qpid Broker-J versions prior to 7.1.0

Description: A Denial of Service issue was found when using AMQP protocols 0-8, 0-9, or 0-91 to publish messages with a size greater than the allowed maximum message size limit, which is 100MB by default. This causes the broker to crash. It is noted that AMQP protocols 0-10 and 1.0 are not affected.

Recommendations: For Apache Qpid Broker-J versions 7.0.0 through 7.0.4, update to version 7.1.0 or later to resolve the issue. For Apache Qpid Broker-J versions prior to 7.1.0, update to version 7.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the message size to the default limit of 100MB when using AMQP protocols 0-8, 0-9, or 0-91 to minimize the risk of exploitation.