CVE-2017-12174

CWE-400 — Uncontrolled Resource Consumption CWE-20 — Improper Input Validation6 documents6 sources

Severity

7.5HIGH

EPSS

7.4%

top 8.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

Apache Activemq Artemis Redhat Hornetq RED Hat, Inc. Hornetq/artemis +1 more

Timeline

PublishedMar 7

Latest updateMay 13

Description

It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5red_hat,_inc./hornetq/artemisbefore 2.4.0

▶NVDredhat/hornetq< 2.4.0

▶NVDapache/activemq_artemis< 2.4.0

▶Mavenorg.hornetq:hornetq-server< 2.4.0.Final

▶Mavenorg.apache.activemq:artemis-native< 2.4.0

🔴Vulnerability Details

3

GHSA

Uncontrolled Resource Consumption in Artemis and HornetQ↗2022-05-13

▶

OSV

Uncontrolled Resource Consumption in Artemis and HornetQ↗2022-05-13

▶

CVEList

CVE-2017-12174: It was found that when Artemis and HornetQ before 2↗2018-03-07

▶

📋Vendor Advisories

1

Red Hat

artemis/hornetq: memory exhaustion via UDP and JGroups discovery↗2018-02-05

▶

💬Community

1

Bugzilla

CVE-2017-12174 artemis/hornetq: memory exhaustion via UDP and JGroups discovery↗2017-10-04

▶

CVE-2017-12174 (HIGH CVSS 7.5) | It was found that when Artemis and | cvebase.io