CVE-2019-0222

Published: Mar 28, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

Affected (13)

Products: Apache: Activemq · Netapp: E Series Santricity Web Services · Oracle: Communications Diameter Signaling Router, Enterprise Manager Base Platform, Enterprise Repository, Goldengate Stream Analytics, Identity Manager Connector · +1 more

Show all products

Apache: Activemq · Netapp: E Series Santricity Web Services · Oracle: Communications Diameter Signaling Router, Enterprise Manager Base Platform, Enterprise Repository, Goldengate Stream Analytics, Identity Manager Connector · Debian: Debian Linux

1 product

1 product

E Series Santricity Web Services

5 products

Communications Diameter Signaling Router

Enterprise Manager Base Platform

Enterprise Repository

Goldengate Stream Analytics

Identity Manager Connector

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Activemq	From 5.0.0 to 5.15.8

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp E Series Santricity Web Services	All versions

Configuration C

10 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Diameter Signaling Router	Version 8.0.0
Oracle Communications Diameter Signaling Router	Version 8.1
Oracle Communications Diameter Signaling Router	Version 8.2.1
Oracle Communications Diameter Signaling Router	Version 8.2
Oracle Enterprise Manager Base Platform	Version 12.1.0.5.0
Oracle Enterprise Manager Base Platform	Version 13.2.0.0.0
Oracle Enterprise Manager Base Platform	Version 13.3.0.0.0
Oracle Enterprise Repository	Version 12.1.3.0.0
Oracle Goldengate Stream Analytics	Before 19.1.0.0.1
Oracle Identity Manager Connector	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

References (38)

http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt

Source: security@apache.org

MitigationThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/03/27/2

Source: security@apache.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107622

Source: security@apache.org

Third Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E

Source: security@apache.org

https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20190502-0006/

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Source: security@apache.org

Third Party Advisory

http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/03/27/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107622

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20190502-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.