← Back to CVE List

CVE-2020-27217

Published: 2020-11-13T20:15Z
Last Modified: 2024-11-21T05:20Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt