PT-2023-9000 · Microsoft+2 · Azure Uamqp+2
Ericwolz · Published 2023-12-06 · Updated 2024-02-05
CVE-2024-21646
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Azure uAMQP versions prior to 2024-01-01
Description
The issue is an integer overflow or wraparound, or a memory safety issue, in the Azure uAMQP library, a general-purpose C library for AMQP 1.0. Several clients use this library to implement AMQP protocol communication. When a client using the library receives crafted binary type data, the issue can be triggered and may lead to remote code execution.
Recommendations
For Azure uAMQP versions prior to 2024-01-01, update to release 2024-01-01 or later to patch the vulnerability. As a temporary workaround, consider restricting the reception of crafted binary type data to minimize the risk of exploitation.
Exploit
Fix
RCE
Integer Overflow
Code Injection
Related identifiers
Affected products
Azure Uamqp
Debian
Suse