The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qpid | Apache | * | 0.20 (including) |
| Qpid | Apache | 0.5 (including) | 0.5 (including) |
| Qpid | Apache | 0.6 (including) | 0.6 (including) |
| Qpid | Apache | 0.7 (including) | 0.7 (including) |
| Qpid | Apache | 0.8 (including) | 0.8 (including) |
| Qpid | Apache | 0.9 (including) | 0.9 (including) |
| Qpid | Apache | 0.10 (including) | 0.10 (including) |
| Qpid | Apache | 0.11 (including) | 0.11 (including) |
| Qpid | Apache | 0.12 (including) | 0.12 (including) |
| Qpid | Apache | 0.13 (including) | 0.13 (including) |
| Qpid | Apache | 0.14 (including) | 0.14 (including) |
| Qpid | Apache | 0.15 (including) | 0.15 (including) |
| Qpid | Apache | 0.16 (including) | 0.16 (including) |
| Qpid | Apache | 0.17 (including) | 0.17 (including) |
| Qpid | Apache | 0.18 (including) | 0.18 (including) |
| Qpid | Apache | 0.19 (including) | 0.19 (including) |