CVE-2022-23913

7.5 HIGH

📋 TL;DR

This vulnerability in Apache ActiveMQ Artemis allows attackers to cause a denial-of-service (DoS) condition by consuming excessive memory resources. Systems running vulnerable versions of ActiveMQ Artemis are affected, potentially disrupting message broker availability.

💻 Affected Systems

Products:
  • Apache ActiveMQ Artemis
Versions: All versions prior to 2.20.0 and 2.19.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using vulnerable versions are affected. The vulnerability is in the core broker functionality.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of the ActiveMQ Artemis broker, causing message processing to halt and potentially affecting dependent applications.

🟠

Likely Case

Partial degradation of service performance, increased latency, and potential broker crashes requiring restart.

🟢

If Mitigated

Limited impact with proper resource monitoring and limits in place, though some performance degradation may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves uncontrolled resource consumption which can be triggered without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.20.0 or 2.19.1

Vendor Advisory: https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2

Restart Required: Yes

Instructions:

1. Download Apache ActiveMQ Artemis 2.20.0 or 2.19.1 from the official Apache website.
2. Stop the current ActiveMQ Artemis broker.
3. Back up configuration and data.
4. Install the patched version.
5. Restore configuration and data.
6. Start the updated broker.

🔧 Temporary Workarounds

Implement Resource Limits

Platform: all

Configure memory usage limits and monitoring to detect and prevent excessive consumption

Configure memory limits in broker.xml: <max-disk-usage>90</max-disk-usage>
Set memory limit: -Xmx4g (adjust based on your environment)

Network Access Control

Platform: linux

Restrict network access to ActiveMQ Artemis broker to trusted sources only

iptables -A INPUT -p tcp --dport 61616 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 61616 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to ActiveMQ Artemis
  • Deploy monitoring with alerts for abnormal memory consumption patterns

🔍 How to Verify

Check if Vulnerable:

Check the ActiveMQ Artemis version: grep 'ActiveMQ Artemis' $ARTEMIS_HOME/log/artemis.log | head -1

Check Version:

$ARTEMIS_HOME/bin/artemis version

Verify Fix Applied:

Verify the version is 2.20.0 or 2.19.1 or higher: $ARTEMIS_HOME/bin/artemis version
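
The version check above can be scripted so that it compares numerically instead of by eye. The following is an added example, not part of the original advisory or the Artemis project; the function names are hypothetical, and it assumes the output of `artemis version` contains the release as a dotted number such as 2.19.0.

```shell
#!/bin/sh
# Added example: classify an Artemis version against the fixed releases
# named on this page (2.19.1 and 2.20.0).

# Pull the first dotted version number out of arbitrary text.
# Assumption: the release number is the first x.y or x.y.z in the output.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# Print "patched", "vulnerable" or "unknown" for a version string.
# Suffixes such as -SNAPSHOT are ignored; a missing patch level counts as 0.
classify_version() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo "unknown"; return 2; }
    major=$(echo "$ver" | cut -d. -f1)
    minor=$(echo "$ver" | cut -d. -f2)
    patch=$(echo "$ver" | cut -d. -f3)
    patch=${patch:-0}
    # Numeric comparison per field: a plain string compare would rank
    # 2.9.0 above 2.19.1 and report it as fixed.
    if [ "$major" -gt 2 ]; then echo "patched"
    elif [ "$major" -lt 2 ]; then echo "vulnerable"
    elif [ "$minor" -ge 20 ]; then echo "patched"
    elif [ "$minor" -eq 19 ] && [ "$patch" -ge 1 ]; then echo "patched"
    else echo "vulnerable"
    fi
}

# Against a live install (not run here):
#   classify_version "$("$ARTEMIS_HOME/bin/artemis" version)"
# Constructed sample output for an offline demonstration:
sample='Apache ActiveMQ Artemis 2.19.0'
echo "$sample -> $(classify_version "$sample")"
```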

📡 Detection & Monitoring

Log Indicators:

  • High memory usage warnings in artemis.log
  • OutOfMemoryError exceptions
  • Frequent garbage collection events

Network Indicators:

  • Unusual high volume of connections to broker ports
  • Abnormal message traffic patterns

SIEM Query:

source="artemis.log" AND ("OutOfMemory" OR "memory" AND "high" OR "exhausted")
