CVE-2021-4040

A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2021-4040	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2028254	Issue Tracking Vendor Advisory
https://github.com/apache/activemq-artemis/pull/3871/commits	Patch Third Party Advisory
https://issues.apache.org/jira/browse/ARTEMIS-3593	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:amq_broker:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-24 16:15

Updated : 2024-02-28 19:29

NVD link : CVE-2021-4040

Mitre link : CVE-2021-4040

CVE.ORG link : CVE-2021-4040

JSON object : View

Products Affected

redhat

amq_broker

apache

activemq_artemis

CWE

CWE-787

Out-of-bounds Write

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2021-4040", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-08-24T16:15:09.313", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-4040", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028254", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/apache/activemq-artemis/pull/3871/commits", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://issues.apache.org/jira/browse/ARTEMIS-3593", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability."}, {"lang": "es", "value": "Se ha encontrado un fallo en AMQ Broker. Este problema puede causar una interrupci\u00f3n parcial de la disponibilidad de AMQ Broker por medio de una condici\u00f3n de Out of memory (OOM). Este fallo permite a un atacante interrumpir parcialmente la disponibilidad del broker mediante un ataque sostenido de mensajes maliciosamente dise\u00f1ados. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema."}], "lastModified": "2022-08-29T16:40:20.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:amq_broker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B56B867-75FC-47C5-94C7-B96DC3028D64", "versionEndExcluding": "7.10.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18C0F17A-A27D-40E9-9ACE-5BD86A02BA54", "versionEndExcluding": "2.19.1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}