[
https://issues.apache.org/jira/browse/ARTEMIS-3593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487932#comment-17487932
]
Ivan Viaznikov commented on ARTEMIS-3593:
-----------------------------------------
[~clebertsuconic] Could you please clarify if this fix is planned to be
downported to 2.16.x and 2.17.x versions? These versions come with Spring Boot
2.4.x and 2.5.x. Upgrading to 2.20.0 or 2.19.1 could cause compatibility issues
since migration to 2.18.x requires manual actions ([Versions ยท ActiveMQ Artemis
Documentation
(apache.org)|https://activemq.apache.org/components/artemis/documentation/latest/versions.html])
> OOM error on rogue message to Artemis Broker
> --------------------------------------------
>
> Key: ARTEMIS-3593
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3593
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Broker
> Affects Versions: 2.6.2
> Reporter: Viktor Kolomeyko
> Priority: Critical
> Fix For: 2.20.0, 2.19.1
>
> Attachments: CrashDump.log, dospayload.binary
>
> Time Spent: 2h 40m
> Remaining Estimate: 0h
>
> A problem been reported by a Security Researcher when a Java process running
> an embedded Artemis Broker been sent a handcrafted message:
> {code:sh}
> cat /path/to/dospayload.binary > /dev/tcp/<broker_address>/<broker_port>{code}
> resulting OutOfMemory crash, please see attachment.
> The problem is caused by the fact that a 32-bit integer is read from the
> stream and byte array is allocated using this value without performing any
> checks.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
