CVE-2012-4458

CWE-189 | 8 documents | 6 sources
Severity: 5.0 MEDIUM
EPSS: 2.5% (top 14.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 14 | Latest update May 17

Description

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD | apache/qpid | 0.20 +15

🔴 Vulnerability Details (3)

GHSA | GHSA-qggc-rjcq-ppj4: The AMQP type decoder in Apache Qpid 0 | 2022-05-17
OSV | CVE-2012-4458: The AMQP type decoder in Apache Qpid 0 | 2013-03-14
CVEList | CVE-2012-4458: The AMQP type decoder in Apache Qpid 0 | 2013-03-12

📋 Vendor Advisories (1)

Red Hat | qpid-cpp: long arrays of zero-width types cause a denial of service | 2013-03-05

💬 Community (2)

Bugzilla | CVE-2012-4446 CVE-2012-4458 CVE-2012-4459 qpid-cpp various flaws [fedora-all] | 2013-03-06
Bugzilla | CVE-2012-4458 qpid-cpp: long arrays of zero-width types cause a denial of service | 2012-09-27
CVE-2012-4458 (MEDIUM CVSS 5) | The AMQP type decoder in Apache Qpi | cvebase.io