PT-2018-5378 · Red Hat+1 · Hornetq+1

Bharti Kundal +1 · Published 2018-03-07 · Updated 2023-02-12 · CVE-2017-12174

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

HornetQ versions prior to 2.4.0
Artemis versions prior to 2.4.0

Description

The issue occurs when Artemis and HornetQ are configured with UDP discovery and JGroups discovery, and an unexpected multicast message is received, resulting in the creation of a huge byte array. This may lead to heap memory exhaustion, full GC, or OutOfMemoryError.

Recommendations

For HornetQ versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue.
For Artemis versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2017-12174
GHSA-GC96-H5PR-839J
RHSA-2018:0268
RHSA-2018:0270
RHSA-2018:0271
RHSA-2018:0275
RHSA-2018:0479
RHSA-2018:0480
RHSA-2018:0481

Affected Products

Artemis
HornetQ