7.8

CVE-2017-12174

It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheArtemis Version < 2.4.0
RedhatHornetq Version < 2.4.0
RedhatJboss Enterprise Application Platform Version7.1.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
RedhatJboss Enterprise Application Platform Version6.0.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
RedhatJboss Enterprise Application Platform Version6.4.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.97% 0.924
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
https://access.redhat.com/errata/RHSA-2018:0478
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0479
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0480
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0481
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0268
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0269
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0270
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0271
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0275
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174
Vendor Advisory
Issue Tracking