CVE-2024-21646

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:azure_uamqp:*:*:*:*:*:*:*:*

History

12 Jan 2024, 16:39

Type Values Removed Values Added
References () https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe - () https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe - Patch
References () https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv - () https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv - Vendor Advisory
First Time Microsoft azure Uamqp
Microsoft
CPE cpe:2.3:a:microsoft:azure_uamqp:*:*:*:*:*:*:*:*
CWE CWE-190

09 Jan 2024, 14:01

Type Values Removed Values Added
Summary
  • (es) Azure uAMQP es una librería C de uso general para AMQP 1.0. Varios clientes utilizan la librería UAMQP para implementar la comunicación del protocolo AMQP. Cuando los clientes que utilizan esta librería reciben datos de tipo binario manipulados, puede producirse un desbordamiento de enteros o un problema de seguridad de la memoria que puede provocar la ejecución remota de código. Esta vulnerabilidad se solucionó en la versión 2024-01-01.

09 Jan 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-09 01:15

Updated : 2024-01-12 16:39


NVD link : CVE-2024-21646

Mitre link : CVE-2024-21646

CVE.ORG link : CVE-2024-21646


JSON object : View

Products Affected

microsoft

  • azure_uamqp
CWE
CWE-190

Integer Overflow or Wraparound

CWE-94

Improper Control of Generation of Code ('Code Injection')