PT-2019-6511 · Apache · Qpid-Cpp
Vincent Danen
·
Publicado
2019-11-09
·
Atualizado
2019-11-12
·
CVE-2009-5004
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
qpid-cpp version 1.0
Description
The issue occurs when a large message is sent and the Digest-MD5 mechanism with a security layer is in use, causing qpid-cpp to crash.
Recommendations
For qpid-cpp version 1.0, consider disabling the Digest-MD5 mechanism with a security layer as a temporary workaround until a patch is available. Restrict the size of messages to prevent crashes.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Qpid-Cpp