CVE-2021-22095

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-22095

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22095.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-22095

Aliases

GHSA-945q-ch46-pchg

Downstream

UBUNTU-CVE-2021-22095

Published

2021-11-30T19:15:08.610Z

Modified

2026-02-03T21:08:39.147447Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message

References

https://tanzu.vmware.com/security/cve-2021-22097

Affected packages

Git / github.com/spring-projects/spring-amqp

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-amqp
Events: Introduced

0e6ef48c09c6d0d65d2876c7ca2c8b75c4545b54

Fixed

0db528d89635e8cb6b02631be2d2ecdbc267a655

Introduced

e45f1a8ae69e88a2738a98b63d4dc7c20c6d44ff

Fixed

96487f72e6db02859231ec420d6aee0b047784b0

Affected versions

v2.*

v2.2.0.RELEASE

v2.2.1.RELEASE

v2.2.10.RELEASE

v2.2.11.RELEASE

v2.2.12.RELEASE

v2.2.13.RELEASE

v2.2.14.RELEASE

v2.2.15.RELEASE

v2.2.16.RELEASE

v2.2.17.RELEASE

v2.2.18.RELEASE

v2.2.2.RELEASE

v2.2.3.RELEASE

v2.2.4.RELEASE

v2.2.5.RELEASE

v2.2.6.RELEASE

v2.2.7.RELEASE

v2.2.8.RELEASE

v2.2.9.RELEASE

v2.3.0

v2.3.1

v2.3.10

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22095.json"