Bug 2494841 (CVE-2026-50734)

Summary: CVE-2026-50734 Apache ActiveMQ Client: Apache ActiveMQ: Apache ActiveMQ All: Apache ActiveMQ: Denial of Service via crafted WireFormatInfo frame
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: anthomas, anujha, aschwart, asoldano, aszczucz, ataylor, bbaranow, bmaxwell, boliveir, bstansbe, dbruscin, dlofthou, drichtar, ehelms, ehugonne, fmariani, ggainey, gmalinko, gtanzill, istudens, ivassile, iweiss, janstey, jbuscemi, jpasqual, juwatts, jwon, kvanderr, mcarlett, mhulan, mosmerov, mposolda, msvehla, nmoumoul, nwallace, osousa, pberan, pcreech, pdelbell, pesilva, pjindal, pmackay, rchan, rhel-process-autobot, rmartinc, rstancel, rstepani, smallamp, ssilvert, sthorger, tcunning, thjenkin, tmalecek, vdosoudi, vmuzikar, watson-tool-maintainers, yfang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in Apache ActiveMQ. An unauthenticated network attacker can exploit this vulnerability by sending a specially crafted WireFormatInfo frame with an excessively large size value. This unvalidated value causes the broker to attempt an oversized memory allocation during pre-authentication negotiation. Consequently, this can lead to an Out Of Memory (OOM) error, resulting in a Denial of Service (DoS) and crashing the broker.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2495075, 2495076    
Bug Blocks:    

Description OSIDB Bzimport 2026-06-30 11:01:56 UTC
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All.

An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes the broker to attempt allocation during pre-auth negotiation which can trigger OOM and crash the broker.
This issue affects Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7.

Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.