CVE-2017-15701: Uncontrolled Resource Consumption

October 19, 2018 (updated September 1, 2021)

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.

References

github.com/advisories/GHSA-4r7g-7cpj-5jr7
nvd.nist.gov/vuln/detail/CVE-2017-15701
qpid.apache.org/cves/CVE-2017-15701.html

Detect and mitigate CVE-2017-15701 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →