Headline
CVE-2021-4040: Red Hat Customer Portal - Access to 24x7 support and knowledge
A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.
Red Hat Product Security Center
Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.
Product Security Center
Related news
A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.
Red Hat Security Advisory 2022-5101-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.0 serves as a replacement for Red Hat AMQ Broker 7.9.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Red Hat AMQ Broker 7.10.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-10744: nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2021-4040: AMQ Broker: Malformed message can result in partial DoS (OOM) * CVE-2021-43797: netty: control chars in header names may lead to HTTP request ...