CVE-2019-0222
PUBLISHED
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.
EPSS 8.92% · 92.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | mqtt-client | 1.16-1, 0 |
| Ubuntu:Pro:16.04:LTS | mqtt-client | 0, 1.10-1 |
| Ubuntu:24.04:LTS | activemq | 5.17.6+dfsg-1, 0, 5.17.2+dfsg-2 |
| Ubuntu:Pro:22.04:LTS | activemq | 5.16.1-1ubuntu0.1~esm1, 0, 5.16.1-1 |
| Ubuntu:20.04:LTS | mqtt-client | 1.14-1, 0 |
| Ubuntu:25.10 | activemq | 5.17.6+dfsg-1, 5.17.6+dfsg-2, 0 |
| Ubuntu:Pro:16.04:LTS | activemq | *, 5.6.0+dfsg1-4+deb8u1ubuntu1, 0 |
| Ubuntu:25.10 | mqtt-client | 1.16-1, 0 |
| Ubuntu:Pro:20.04:LTS | activemq | 0, 5.15.11-1, 5.15.10-1 |
| Ubuntu:Pro:18.04:LTS | mqtt-client | 1.14-1, 0 |
| Ubuntu:Pro:18.04:LTS | activemq | *, 5.15.2-2, 5.15.8-2~18.04.1~esm1 |
Exploit Intelligence
- shoucheng3/apache__activemq_CVE-2019-0222_5-15-8 (github-poc)
- CIRCL seen: CVE-2019-0222 (circl-sighting)
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (circl)
- [debian-lts-announce] 20210305 [SECURITY] [DLA 2582-1] mqtt-client security update (circl)
…and 17 more exploits
Timeline
- Mar 28, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Nov 17, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-0222 third-party-advisory
- http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt third-party-advisory
- http://www.openwall.com/lists/oss-security/2019/03/27/2 third-party-advisory
- https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485@%3Cdev.activemq.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488@%3Cusers.activemq.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa@%3Ccommits.activemq.apache.org%3E third-party-advisory
- https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E third-party-advisory
- https://ubuntu.com/security/notices/USN-6685-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-0222 third-party-advisory