CVE-2020-27217: Improper Validation of Specified Quantity in Input in Eclipse Hono
7.5
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
org.eclipse.hono:hono-core | maven | <= 1.4.0 | 1.4.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided patches show configuration changes (`ServiceConfigProperties.java`) and test case modifications (`AmqpUploadTestBase.java`) but do not include the actual runtime message processing code where the vulnerability existed. The critical vulnerability was in the AMQP adapter's failure to enforce max-message-size during message transfer, which would have been handled by proton-j/vertx-proton library internals or Hono's AMQP adapter message processing logic not visible in these patches. The test cases added validation that max-message-size is properly advertised, but the vulnerable function that failed to enforce this limit during message reception isn't present in the provided code changes. Without seeing the actual message ingestion path code modifications, we cannot definitively identify vulnerable functions from the given patches.