[
https://issues.apache.org/jira/browse/ARTEMIS-3593?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robbie Gemmell reopened ARTEMIS-3593:
-------------------------------------
> OOM error on rogue message to Artemis Broker
> --------------------------------------------
>
> Key: ARTEMIS-3593
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3593
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Broker
> Affects Versions: 2.6.2
> Reporter: Viktor Kolomeyko
> Priority: Critical
> Fix For: 2.20.0
>
> Attachments: CrashDump.log, dospayload.binary
>
> Time Spent: 2h 40m
> Remaining Estimate: 0h
>
> A problem been reported by a Security Researcher when a Java process running
> an embedded Artemis Broker been sent a handcrafted message:
> {code:sh}
> cat /path/to/dospayload.binary > /dev/tcp/<broker_address>/<broker_port>{code}
> resulting OutOfMemory crash, please see attachment.
> The problem is caused by the fact that a 32-bit integer is read from the
> stream and byte array is allocated using this value without performing any
> checks.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
