{"containers": {"cna": {"affected": [{"product": "AMQ Broker", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in v2.19.1, v2.20.0"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 - Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-24T15:13:07", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028254"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2021-4040"}, {"tags": ["x_refsource_MISC"], "url": "https://issues.apache.org/jira/browse/ARTEMIS-3593"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/apache/activemq-artemis/pull/3871/commits"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:16:03.705Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028254"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2021-4040"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.apache.org/jira/browse/ARTEMIS-3593"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/apache/activemq-artemis/pull/3871/commits"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4040", "datePublished": "2022-08-24T15:13:07", "dateReserved": "2021-12-02T00:00:00", "dateUpdated": "2024-08-03T17:16:03.705Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:amq_broker:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B56B867-75FC-47C5-94C7-B96DC3028D64", "versionEndExcluding": "7.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*", "matchCriteriaId": "18C0F17A-A27D-40E9-9ACE-5BD86A02BA54", "versionEndExcluding": "2.19.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability."}, {"lang": "es", "value": "Se ha encontrado un fallo en AMQ Broker. Este problema puede causar una interrupci\u00f3n parcial de la disponibilidad de AMQ Broker por medio de una condici\u00f3n de Out of memory (OOM). Este fallo permite a un atacante interrumpir parcialmente la disponibilidad del broker mediante un ataque sostenido de mensajes maliciosamente dise\u00f1ados. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema."}], "id": "CVE-2021-4040", "lastModified": "2022-08-29T16:40:20.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-24T16:15:09.313", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-4040"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028254"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/apache/activemq-artemis/pull/3871/commits"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://issues.apache.org/jira/browse/ARTEMIS-3593"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5101", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "broker", "product_name": "Red Hat AMQ 7.10.0", "release_date": "2022-06-16T00:00:00Z"}], "bugzilla": {"description": "Broker: Malformed message can result in partial DoS (OOM)", "id": "2028254", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028254"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.", "A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability."], "name": "CVE-2021-4040", "public_date": "2021-11-19T12:05:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-4040\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4040"], "threat_severity": "Moderate"}