CVE-2012-4459

Name of the Vulnerable Software and Affected Versions Apache Qpid versions 0.20 and earlier

Description The issue is related to an integer overflow in the qpid::framing::Buffer::checkAvailable function, which allows remote attackers to cause a denial of service (crash) via a crafted message. This crafted message triggers an out-of-bounds read.

Recommendations For Apache Qpid versions 0.20 and earlier, consider upgrading to a version later than 0.20 to resolve the issue. As a temporary workaround, restrict access to the qpid::framing::Buffer::checkAvailable function to minimize the risk of exploitation.