CVE-2009-5005

5 documents5 sources
Severity
5.0MEDIUM
EPSS
1.6%
top 18.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache QpidRedhat Enterprise MRG
Timeline
PublishedOct 18
Latest updateMay 2

Description

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDapache/qpid0.5

Patches

Patch: svn.apache.orgPatch: rhn.redhat.comPatch: rhn.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-fc8m-4487-7539: The Cluster::deliveredEvent function in cluster/Cluster2022-05-02
CVEList
CVE-2009-5005: The Cluster::deliveredEvent function in cluster/Cluster2010-10-18

📋Vendor Advisories

1
Red Hat
qpid: crash on receipt of invalid AMQP data2009-06-17

💬Community

1
Bugzilla
CVE-2009-5005 qpid: crash on receipt of invalid AMQP data2010-10-12
CVE-2009-5005 (MEDIUM CVSS 5) | The Cluster::deliveredEvent functio | cvebase.io