PT-2023-9000 · Microsoft+2 · Azure Uamqp+2
Ericwolz · Published 2023-12-06 · Updated 2024-02-05
CVE-2024-21646
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Azure uAMQP versions prior to 2024-01-01
Description
The issue is an integer overflow or wraparound, or a memory safety issue, in the Azure uAMQP library, a general-purpose C library for AMQP 1.0. Several clients use this library to implement AMQP protocol communication. When a client using this library receives crafted binary type data, the issue can be triggered and may lead to remote code execution.
Recommendations
For Azure uAMQP versions prior to 2024-01-01, update to release 2024-01-01 or later to patch the vulnerability. As a temporary workaround, consider restricting the reception of crafted binary type data to minimize the risk of exploitation.
Exploit
Fix
RCE
Integer Overflow
Code Injection
Related Identifiers
Affected Products
Azure Uamqp
Debian
Suse