CVE-2019-18609 — Out-of-bounds Write in Project Rabbitmq-c
Severity
9.8CRITICALNVD
EPSS
2.8%
top 13.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedDec 1
Latest updateMay 24
Description
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages2 packages
Also affects: Debian Linux 8.0, Fedora 30, 31, Ubuntu Linux 14.04, 16.04, 18.04, 19.04, 19.10