PT-2019-6511 · Apache · Qpid-Cpp

Vincent Danen

Published

2019-11-09

Updated

2019-11-12

CVE-2009-5004

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions qpid-cpp version 1.0

Description The issue occurs when a large message is sent and the Digest-MD5 mechanism with a security layer is in use, causing qpid-cpp to crash.

Recommendations For qpid-cpp version 1.0, consider disabling the Digest-MD5 mechanism with a security layer as a temporary workaround until a patch is available. Restrict the size of messages to prevent crashes.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-5004

Affected Products

Qpid-Cpp

PT-2019-6511 · Apache · Qpid-Cpp

CVE-2009-5004

Weakness Enumeration

Related Identifiers

Affected Products

References · 6