CVE-2012-4459

CWE-1898 documents6 sources

Severity

5.0MEDIUM

EPSS

1.5%

top 18.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Qpid

Timeline

PublishedMar 14

Latest updateMay 17

Description

Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/qpid0.20+15

Patches

Patch: svn.apache.org ↗Patch: svn.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-f4gr-qh9c-r8fg: Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0↗2022-05-17

▶

OSV

CVE-2012-4459: Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0↗2013-03-14

▶

CVEList

CVE-2012-4459: Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0↗2013-03-12

▶

📋Vendor Advisories

Red Hat

qpid-cpp: crash due to qpid::framing::Buffer::checkAvailable() wraparound↗2013-03-05

▶

💬Community

Bugzilla

CVE-2013-4459 lightdm: guest account restrictions bypass↗2013-11-25

▶

Bugzilla

CVE-2012-4446 CVE-2012-4458 CVE-2012-4459 qpid-cpp various flaws [fedora-all]↗2013-03-06

▶

Bugzilla

CVE-2012-4459 qpid-cpp: crash due to qpid::framing::Buffer::checkAvailable() wraparound↗2012-09-27

▶