CVE-2019-0222

CWE-94 — Code Injection12 documents9 sources

Severity

7.5HIGH

EPSS

10.3%

top 6.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Goldengate Stream Analytics Apache Activemq Apache Apache Activemq +5 more

Timeline

PublishedMar 28

Latest updateMar 7

Description

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶Mavenorg.apache.activemq:activemq-client5.0.0 — 5.15.9

▶NVDapache/activemq5.0.0 — 5.15.8

▶CVEListV5apache/apache_activemqApache ActiveMQ 5.0.0 - 5.15.8

▶Debianactivemq< 5.15.9-1+2

▶Debianmqtt-client< 1.16-1+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

OSV

Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client↗2019-04-02

▶

GHSA

Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client↗2019-04-02

▶

CVEList

CVE-2019-0222: In Apache ActiveMQ 5↗2019-03-28

▶

OSV

CVE-2019-0222: In Apache ActiveMQ 5↗2019-03-28

▶

📋Vendor Advisories

Ubuntu

mqtt-client vulnerability↗2024-03-07

▶

Oracle

Oracle Oracle GoldenGate Risk Matrix: Security (ActiveMQ) — CVE-2019-0222↗2020-07-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: IDIH Visualization (Apache ActiveMQ) — CVE-2019-0222↗2020-04-15

▶

Red Hat

activemq: Corrupt MQTT frame can cause broker shutdown↗2019-03-27

▶

Debian

CVE-2019-0222: activemq - In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to ...↗2019

▶

💬Community

Bugzilla

CVE-2019-0222 activemq: Corrupt MQTT frame can cause broker shutdown [fedora-all]↗2019-04-04

▶

Bugzilla

CVE-2019-0222 activemq: Corrupt MQTT frame can cause broker shutdown↗2019-04-04

▶