https://bugzilla.redhat.com/show_bug.cgi?id=1685179
Bug ID: 1685179
Summary: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20190301,reported=20190301,source=oss-security,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,fedora-all/qpid-java=affected,mrg-m-3/qpid-java=notaffected
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: esammons@redhat.com, java-sig-commits@lists.fedoraproject.org, jross@redhat.com, mcressma@redhat.com, messaging-bugs@redhat.com, puntogil@libero.it, rrajasek@redhat.com
Target Milestone: ---
Classification: Other

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10).
Upstream issue:
https://issues.apache.org/jira/browse/QPID-8273
References:
https://seclists.org/oss-sec/2019/q1/152
https://bugzilla.redhat.com/show_bug.cgi?id=1685179
Andrej Nemec anemec@redhat.com changed:
What      |Removed |Added
----------------------------------------------------------------------------
Depends On|        |1685180
--- Comment #1 from Andrej Nemec anemec@redhat.com ---
Created qpid-java tracking bugs for this issue:
Affects: fedora-all [bug 1685180]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1685180 [Bug 1685180] CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1685179
Bug 1685179 depends on bug 1685180, which changed state.
Bug 1685180 Summary: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1685180
What      |Removed |Added
----------------------------------------------------------------------------
Status    |NEW     |CLOSED
Resolution|---     |EOL