The issue was initially discovered by security researcher Gai Tanaka and confirmed on the Apache mailing list by maintainers Christopher L. Shannon and Matt Pavlovich.
The root cause of this vulnerability lies in the Apache ActiveMQ MQTT module. When a client sends an MQTT control packet, the broker reads a “remaining length” field to determine how much incoming data follows.
ActiveMQ fails to properly validate this field, leading to an integer overflow during decoding. Consequently, the broker miscalculates the payload size and misinterprets a single malicious payload as multiple different MQTT packets.
This behavior directly violates the official MQTT v3.1.1 specification, which strictly limits the encoded remaining length field to a maximum of four bytes.
Ultimately, this confusion causes unexpected broker behavior and disrupts message handling for non-compliant clients.
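The sketch below is an added example, not ActiveMQ's code: it contrasts a hypothetical unchecked decoder that uses 32-bit arithmetic with a strict decoder that enforces the four-byte limit from MQTT v3.1.1. All function names and the sample bytes are constructed for illustration.

```python
MAX_LEN_BYTES = 4            # MQTT v3.1.1: remaining length uses 1 to 4 bytes
MAX_REMAINING = 268_435_455  # largest value four bytes can encode


class MalformedPacket(ValueError):
    """Raised when the remaining length field breaks the specification."""


def decode_lenient(buf, offset=1):
    """Hypothetical unchecked decoder: follows continuation bits with no
    byte limit, using arithmetic truncated to 32 bits."""
    value, multiplier, i = 0, 1, offset
    while True:
        byte = buf[i]
        i += 1
        value = (value + (byte & 0x7F) * multiplier) & 0xFFFFFFFF
        multiplier = (multiplier * 128) & 0xFFFFFFFF  # wraps to 0 after 5 bytes
        if not byte & 0x80:
            return value, i - offset


def decode_strict(buf, offset=1):
    """Strict decoder: returns (remaining_length, bytes_consumed) or raises."""
    value = 0
    for n in range(MAX_LEN_BYTES):
        if offset + n >= len(buf):
            raise MalformedPacket("truncated remaining length")
        byte = buf[offset + n]
        value |= (byte & 0x7F) << (7 * n)
        if not byte & 0x80:          # continuation bit clear: field complete
            return value, n + 1
    raise MalformedPacket("remaining length exceeds four bytes")


# Constructed samples: byte 0 is the fixed header, the rest is the length field.
VALID_MAX = bytes([0x30, 0xFF, 0xFF, 0xFF, 0x7F])
OVERLONG = bytes([0x30, 0x80, 0x80, 0x80, 0x80, 0x80, 0x01])  # six length bytes

if __name__ == "__main__":
    print("strict, valid   :", decode_strict(VALID_MAX))
    print("lenient, overlong:", decode_lenient(OVERLONG))  # length wraps to 0
    try:
        decode_strict(OVERLONG)
    except MalformedPacket as exc:
        print("strict, overlong :", exc)
```

With the over-long field, the unchecked decoder reports a remaining length of 0, so a parser built on it would treat the bytes that follow as new packets; the strict decoder rejects the field before any payload is read.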
Fortunately, the attack surface is somewhat limited. The exploit can only occur on established network connections after the attacker has completed authentication.
Furthermore, the vulnerability only affects servers with MQTT transport connectors explicitly enabled. Brokers operating without MQTT transport enabled are entirely safe from this specific threat.
The vulnerability impacts the core Apache ActiveMQ framework, the ActiveMQ All module, and the MQTT module across several version branches.
Specifically, it affects all versions before 5.19.2, versions 6.0.0 through 6.1.8, and version 6.2.0.
To secure their infrastructure, administrators must upgrade to the officially patched versions: 5.19.2, 6.1.9, or 6.2.1.
These security updates introduce strict validation checks on packet-length fields to prevent overflow conditions permanently. Security teams are highly encouraged to upgrade their installations immediately.
If patching is not feasible in your environment at the moment, you should temporarily turn off the MQTT transport connector as a mitigation.
Readers can find more technical details and source information on the official Apache ActiveMQ portal or the CVE tracking database.
The post Apache ActiveMQ Allow Attackers to Trigger DoS Attacks With Malformed Packets appeared first on Cyber Security News.