You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Ivan Viaznikov (Jira)" <ji...@apache.org> on 2022/02/07 07:54:00 UTC
[jira] [Commented] (ARTEMIS-3593) OOM error on rogue message to Artemis Broker
[ https://issues.apache.org/jira/browse/ARTEMIS-3593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487932#comment-17487932 ]
Ivan Viaznikov commented on ARTEMIS-3593:
-----------------------------------------
[~clebertsuconic] Could you please clarify if this fix is planned to be downported to 2.16.x and 2.17.x versions? These versions come with Spring Boot 2.4.x and 2.5.x. Upgrading to 2.20.0 or 2.19.1 could cause compatibility issues since migration to 2.18.x requires manual actions ([Versions ยท ActiveMQ Artemis Documentation (apache.org)|https://activemq.apache.org/components/artemis/documentation/latest/versions.html])
> OOM error on rogue message to Artemis Broker
> --------------------------------------------
>
> Key: ARTEMIS-3593
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3593
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Broker
> Affects Versions: 2.6.2
> Reporter: Viktor Kolomeyko
> Priority: Critical
> Fix For: 2.20.0, 2.19.1
>
> Attachments: CrashDump.log, dospayload.binary
>
> Time Spent: 2h 40m
> Remaining Estimate: 0h
>
> A problem been reported by a Security Researcher when a Java process running an embedded Artemis Broker been sent a handcrafted message:
> {code:sh}
> cat /path/to/dospayload.binary > /dev/tcp/<broker_address>/<broker_port>{code}
> resulting OutOfMemory crash, please see attachment.
> The problem is caused by the fact that a 32-bit integer is read from the stream and byte array is allocated using this value without performing any checks.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)