Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception.
CVSS Information
N/A
Vulnerability Type
CWE-1284
Vulnerability Title
Eclipse Hono 安全漏洞
Vulnerability Description
Eclipse Hono是Eclipse基金会的一个用于为所连接的 IOT 设备提供控制接口的软件。该软件连接大量的IOT设备,并提供对外提供统一的访问接口进行控制。 Eclipse Hono 1.3.0版本和1.4.0版本存在安全漏洞,该漏洞源于AMQP协议适配器不验证从设备接收到的AMQP消息的大小。特别是设备可以发送大于协议适配器在建立链路期间所指示的最大消息大小的消息。
CVSS Information
N/A
Vulnerability Type
N/A