CVE-2018-8030 — Denial of service vulnerability exists when .NET and .NET Core improperly proces

Description

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.x before 7.1.0 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

How to fix CVE-2018-8030

To remediate CVE-2018-8030, upgrade the affected package to a fixed version below.

—upgrade to 7.1.0 or later

Is CVE-2018-8030 being exploited?

Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 7.0.0, < 7.1.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (7)

ADVISORYgithub.com/advisories/GHSA-7xr3-rgwh-pw22
ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-8030
WEBgithub.com/apache/qpid-broker-j
WEBgithub.com/apache/qpid-broker-j/commit/025b48f3193e2b10b1c41d2bc3bcfc9cfc238a27
WEB