Description
A problem was reported by a Security Researcher when a Java process running an embedded Artemis Broker was sent a handcrafted message:
cat /path/to/dospayload.binary > /dev/tcp/<broker_address>/<broker_port>
resulting in an OutOfMemory crash; please see the attachment.
The problem is caused by the fact that a 32-bit integer is read from the stream and a byte array is allocated using this value without performing any checks.
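The pattern described above, next to a bounded version, as an added sketch that is not Artemis code and is not taken from the report. The class name, method names, the 4-byte big-endian length framing and the `MAX_FRAME_SIZE` limit are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;

public class LengthPrefixedRead {
    // Assumed limit for this sketch; a real broker would make it configurable.
    static final int MAX_FRAME_SIZE = 1024 * 1024;

    // Pattern from the report: the peer-supplied length sizes the array directly.
    static byte[] readUnchecked(DataInputStream in) throws IOException {
        int length = in.readInt();       // 32-bit value taken from the wire as-is
        byte[] body = new byte[length];  // allocated before any body bytes arrive
        in.readFully(body);
        return body;
    }

    // Hardened form: reject negative or oversized lengths before allocating.
    static byte[] readBounded(DataInputStream in) throws IOException {
        int length = in.readInt();
        if (length < 0 || length > MAX_FRAME_SIZE) {
            throw new IOException("frame length out of range: " + length);
        }
        byte[] body = new byte[length];
        in.readFully(body);              // EOFException if fewer bytes were sent
        return body;
    }

    static DataInputStream stream(byte[] b) {
        return new DataInputStream(new ByteArrayInputStream(b));
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a valid 3-byte frame, and a header whose
        // declared length far exceeds the limit with no body behind it.
        byte[] ok = {0, 0, 0, 3, 'a', 'b', 'c'};
        byte[] oversized = {0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xf0};

        System.out.println("accepted bytes: " + readBounded(stream(ok)).length);
        try {
            readBounded(stream(oversized));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The size check alone still lets many connections each hold a buffer up to the limit, so it is usually paired with a per-connection or global memory budget.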