CVE-2024-21646

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21646
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe Patch
https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:azure_uamqp:*:*:*:*:*:*:*:*
History

12 Jan 2024, 16:39

Type Values Removed Values Added
First Time Microsoft azure Uamqp
Microsoft
CPE cpe:2.3:a:microsoft:azure_uamqp:*:*:*:*:*:*:*:*
CWE CWE-190
References () https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe - () https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe - Patch
References () https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv - () https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv - Vendor Advisory

09 Jan 2024, 14:01

Type Values Removed Values Added
Summary
  • (es) Azure uAMQP es una librería C de uso general para AMQP 1.0. Varios clientes utilizan la librería UAMQP para implementar la comunicación del protocolo AMQP. Cuando los clientes que utilizan esta librería reciben datos de tipo binario manipulados, puede producirse un desbordamiento de enteros o un problema de seguridad de la memoria que puede provocar la ejecución remota de código. Esta vulnerabilidad se solucionó en la versión 2024-01-01.

09 Jan 2024, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-09 01:15

Updated : 2024-01-12 16:39

NVD link : CVE-2024-21646

Mitre link : CVE-2024-21646

CVE.ORG link : CVE-2024-21646

JSON object : View

Products Affected

microsoft

  • azure_uamqp
CWE
CWE-190

Integer Overflow or Wraparound

CWE-94

Improper Control of Generation of Code ('Code Injection')