漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling
Vulnerability Description
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message property maps are unmarshaled without size validation which can trigger OOM and crash the broker. This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
未经控制的内存分配
Vulnerability Title
Apache ActiveMQ 资源管理错误漏洞
Vulnerability Description
Apache ActiveMQ是Apache基金会的一款消息队列中间件。 Apache ActiveMQ存在资源管理错误漏洞,该漏洞源于内存分配时存在过大的尺寸值问题,OpenWire消息属性映射在反序列化时未进行大小验证,可能导致已认证用户通过发送特制的OpenWire消息(其中包含map的编码尺寸值过大)触发OOM并使代理崩溃,造成拒绝服务。以下版本受到影响:Apache ActiveMQ 5.19.8之前版本和6.0.0至6.2.7之前版本;Apache ActiveMQ All 5.19.8之前版
CVSS Information
N/A
Vulnerability Type
N/A