Ericwolz

**Name of the Vulnerable Software and Affected Versions** uAMQP (affected versions not specified) **Description** The uAMQP library, used for AMQP 1.0 communication to Azure Cloud Services, contains an error related to the incorrect processing of an `AMQP VALUE` failed state, which may cause a double free problem. This issue can potentially allow a remote attacker to execute arbitrary code, leading to a remote code execution (RCE) scenario. **Recommendations** Update the submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987 to resolve the issue. As a temporary workaround, consider restricting the use of the `AMQP VALUE` processing functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Azure uAMQP versions prior to 2024-01-01 **Description** The issue is related to an integer overflow or wraparound or memory safety issue in the Azure uAMQP library, which is a general-purpose C library for AMQP 1.0. This library is used by several clients to implement AMQP protocol communication. When clients using this library receive crafted binary type data, the issue can occur and may cause remote code execution. **Recommendations** For Azure uAMQP versions prior to 2024-01-01, update to the release 2024-01-01 or later to patch the vulnerability. As a temporary workaround, consider restricting the reception of crafted binary type data to minimize the risk of exploitation.