In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. References: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
Created activemq tracking bugs for this issue: Affects: fedora-all [bug 1696013]
This flaw is in ActiveMQ 5.x, not ActiveMQ Artemis which is a different codebase based on HornetMQ.
This vulnerability is out of security support scope for the following products: * Red Hat JBoss A-MQ 6 * Red Hat JBoss Fuse Service Works 6 * Red Hat JBoss Fuse 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Since this is not an issue with ActiveMQ Artemis, JDG and RHSSO are not affected.
This vulnerability is out of security support scope for the following products: * JBoss Developer Studio 11 Please refer to https://access.redhat.com/node/4027141 for more details.
This issue has been addressed in the following products: Red Hat AMQ Via RHSA-2020:0922 https://access.redhat.com/errata/RHSA-2020:0922
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-0222
This issue has been addressed in the following products: Red Hat AMQ 7.4.3 Via RHSA-2020:1445 https://access.redhat.com/errata/RHSA-2020:1445