CVE-2012-4460

CWE-119: Buffer Overflow | 6 documents | 6 sources

Severity: 5.0 MEDIUM
EPSS: 3.6% (top 12.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 14
Latest update: May 17

Description

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/qpid 0.20 (+15)

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-ph25-q4qw-rp97: The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0 | 2022-05-17
OSV: CVE-2012-4460: The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0 | 2013-03-14
CVEList: CVE-2012-4460: The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0 | 2013-03-12

📋 Vendor Advisories (1)

Red Hat: qpid-cpp: lack of bounds checking in qpid::framing::Buffer can lead to DoS if asserts are enabled | 2013-03-05

💬 Community (1)

Bugzilla: CVE-2012-4460 qpid-cpp: lack of bounds checking in qpid::framing::Buffer can lead to DoS if asserts are enabled | 2012-09-27