CVE-2022-23913

In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.

Published: Feb 5, 2022
Updated: Jul 1, 2023
CVE: CVE-2022-23913
GHSA: GHSA-pr38-qpxm-g88x
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-400
CWE-770

Affected Software
References

Software	From	Fixed in
apache / activemq_artemis	-	2.19.1
org.apache.activemq / artemis-commons	-	2.19.1

https://github.com/apache/activemq-artemis/pull/3862
https://github.com/apache/activemq-artemis/pull/3862/commits/1f92368240229b8f5db92a92a72c703faf83e9b7
https://github.com/apache/activemq-artemis/pull/3871
https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82
https://github.com/github/codeql-java-CVE-coverage/issues/1061
https://issues.apache.org/jira/browse/ARTEMIS-3593
https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2
https://security.netapp.com/advisory/ntap-20220303-0003/

Vulnerability Database

289,697

CVE-2022-23913