apache activemq-artemis CVE-2017-12174 in Apache and Red Hat Products
Published on March 7, 2018

product logo product logo
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2017-12174 has been classified to as a Resource Exhaustion vulnerability or weakness.


Products Associated with CVE-2017-12174

stack.watch emails you whenever new vulnerabilities are published in Apache Activemq Artemis or Red Hat Hornetq. Just hit a watch button to start following.

Apache Activemq Artemis
 
Red Hat Hornetq
 

Affected Versions

Red Hat, Inc. HornetQ/Artemis Version before 2.4.0 is affected by CVE-2017-12174

Exploit Probability

EPSS
20.49%
Percentile
95.44%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.