Apache Activemq Stomp
Monthly
Denial-of-service in Apache ActiveMQ STOMP connectors lets a remote peer that can reach an exposed STOMP port crash or exhaust the broker by sending a negative content-length value. On the NIO STOMP transport the attacker streams body bytes to grow the per-connection command buffer past configured limits and force an out-of-memory condition, while the blocking STOMP transport instead throws an abnormal transport exception that closes the affected connection. The flaw affects ActiveMQ, ActiveMQ All, and ActiveMQ Stomp before 5.19.8 and the 6.0.0-6.2.6 line; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Denial-of-service in Apache ActiveMQ STOMP connectors lets a remote peer that can reach an exposed STOMP port crash or exhaust the broker by sending a negative content-length value. On the NIO STOMP transport the attacker streams body bytes to grow the per-connection command buffer past configured limits and force an out-of-memory condition, while the blocking STOMP transport instead throws an abnormal transport exception that closes the affected connection. The flaw affects ActiveMQ, ActiveMQ All, and ActiveMQ Stomp before 5.19.8 and the 6.0.0-6.2.6 line; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.