CVE-2024-21646Code Injection in Azure-uamqp-c

CWE-94Code InjectionCWE-190Integer Overflow or Wraparound4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
2.6%
top 14.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Azure Azure-uamqp-cMicrosoft Azure UamqpDebian Azure-uamqp-python+8 more
Timeline
PublishedJan 9

Description

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages11 packages

CVEListV5azure/azure-uamqp-c< 2024-01-01
NVDmicrosoft/azure_uamqp< 2024-01-01
debiandebian/azure-uamqp-python< azure-uamqp-python 1.6.8-1 (forky)

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
OSV
CVE-2024-21646: Azure uAMQP is a general purpose C library for AMQP 12024-01-09

📋Vendor Advisories

2
Microsoft
Azure IoT Platform Device SDK Remote Code Execution Vulnerability2024-01-09
Debian
CVE-2024-21646: azure-uamqp-python - Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is us...2024