CVE-2024-21646
published 2024-01-09


Priority: P262 · critical · CVSS 3.1 base score 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.11% (91.3rd percentile)
Azure uAMQP is a general-purpose C library for AMQP 1.0, used by several clients to implement AMQP protocol communication. When a client built on this library receives crafted binary-type data, an integer overflow or wraparound, or another memory-safety issue, can occur in the decoding path and may lead to remote code execution. The vulnerability is patched in the release dated 2024-01-01.

Affected

11 ranges (the msrc entries list a product/platform only, with no version range or fixed version given)

Vendor     Product                                                 Version range                          Fixed in
azure      azure-uamqp-c                                           < 2024-01-01                           2024-01-01
debian     azure-uamqp-python                                      < azure-uamqp-python 1.6.8-1 (forky)   azure-uamqp-python 1.6.8-1 (forky)
microsoft  azure_uamqp                                             < 2024-01-01                           2024-01-01
msrc       azl3_azure-iot-sdk-c_2023.08.07-1_on_azure_linux_3.0
msrc       azl3_azure-iot-sdk-c_2024.03.04-1_on_azure_linux_3.0
msrc       azure_linux_3.0_arm
msrc       azure_linux_3.0_x64
msrc       cbl2_azure-iot-sdk-c_2022.01.21-2_on_cbl_mariner_2.0
msrc       cbl2_azure-iot-sdk-c_2022.01.21-4_on_cbl_mariner_2.0
msrc       cbl_mariner_2.0_arm
msrc       cbl_mariner_2.0_x64

Detection & IOCs (extracted from sources)

  • Trigger: a client receives crafted AMQP 1.0 binary-type data, which causes an integer overflow/wraparound or another memory-safety issue in the uAMQP C library's decoding logic.
  • Monitor AMQP 1.0 traffic for malformed or oversized binary-type fields (a declared size larger than the bytes actually present in the frame) that could trigger the overflow in Azure uAMQP (libuamqp) parsing.
  • Affected library: Azure uAMQP C library (azure-uamqp-c); Debian ships the fix in azure-uamqp-python 1.6.8-1 (forky). Flag hosts running older package versions.
  • Patch baseline: the azure-uamqp-c release dated 2024-01-01 contains the fix; any deployment built from an earlier release is vulnerable.
  • The Debian security tracker lists the scope as 'local', while the NVD vector says AV:N; weigh this against how the client is deployed and which peers it accepts data from when assessing exploitability.
  • Debian bookworm and bullseye remain unpatched ('open') as of the tracker snapshot; environments running those releases are still vulnerable.
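The description and the detection bullets above both turn on one mechanism: the declared size of an AMQP 1.0 binary value is trusted in a bounds computation that can wrap. The page does not say where in uAMQP the wrap happens, so what follows is an added illustration written for this page, not uAMQP's own code. It decodes the two AMQP 1.0 binary encodings (vbin8, constructor 0xa0 with a 1-byte size; vbin32, constructor 0xb0 with a 4-byte big-endian size, per the AMQP 1.0 type system) first with a wrapping bounds check and then with a hardened one, and adds a scanning heuristic over a captured payload for the "oversized binary field" signal the second bullet asks for. The result-code names, helper functions and the three byte strings are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* AMQP 1.0 binary constructors: vbin8 carries a 1-byte size,
   vbin32 a 4-byte big-endian size. */
#define AMQP_VBIN8  0xa0
#define AMQP_VBIN32 0xb0

/* Result codes: hypothetical names for this example, not uAMQP's API. */
enum { DEC_OK = 0, DEC_SHORT = -1, DEC_BAD_CTOR = -2, DEC_OVERFLOW = -3 };

typedef struct {
    const uint8_t *data;  /* view into the caller's buffer, nothing is copied */
    uint32_t len;
} amqp_binary_t;

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse constructor byte plus size field and advance *pos past the header.
   On success *pos <= buf_len holds, which the safe decoder relies on. */
static int read_binary_header(const uint8_t *buf, uint32_t buf_len,
                              uint32_t *pos, uint32_t *len_out) {
    uint32_t p = *pos;
    if (p >= buf_len) return DEC_SHORT;
    uint8_t ctor = buf[p++];
    if (ctor == AMQP_VBIN8) {
        if (buf_len - p < 1) return DEC_SHORT;
        *len_out = buf[p++];
    } else if (ctor == AMQP_VBIN32) {
        if (buf_len - p < 4) return DEC_SHORT;
        *len_out = read_be32(buf + p);
        p += 4;
    } else {
        return DEC_BAD_CTOR;
    }
    *pos = p;
    return DEC_OK;
}

/* Wrapping bounds check: p + len is 32-bit arithmetic, so a declared size near
   UINT32_MAX wraps to a small value, the check passes, and the caller is handed
   a length that runs far past the buffer. */
static int decode_binary_naive(const uint8_t *buf, uint32_t buf_len,
                               uint32_t *pos, amqp_binary_t *out) {
    uint32_t p = *pos, len;
    int rc = read_binary_header(buf, buf_len, &p, &len);
    if (rc != DEC_OK) return rc;
    if (p + len > buf_len) return DEC_SHORT;   /* BUG: wraps for large len */
    out->data = buf + p;
    out->len = len;
    *pos = p + len;
    return DEC_OK;
}

/* Hardened: compare the declared size against the bytes remaining. The
   subtraction cannot underflow because p <= buf_len after the header parse. */
static int decode_binary_safe(const uint8_t *buf, uint32_t buf_len,
                              uint32_t *pos, amqp_binary_t *out) {
    uint32_t p = *pos, len;
    int rc = read_binary_header(buf, buf_len, &p, &len);
    if (rc != DEC_OK) return rc;
    if (len > buf_len - p) return DEC_OVERFLOW;
    out->data = buf + p;
    out->len = len;
    *pos = p + len;
    return DEC_OK;
}

/* Detection heuristic for a captured payload: count vbin32 constructors whose
   declared size exceeds the bytes that follow. 0xb0 can also occur inside
   opaque data, so a hit is a prompt to inspect the frame, not proof. */
static size_t count_oversized_vbin32(const uint8_t *buf, size_t buf_len) {
    size_t hits = 0;
    for (size_t i = 0; i + 5 <= buf_len; i++) {
        if (buf[i] != AMQP_VBIN32) continue;
        uint64_t declared = read_be32(buf + i + 1);
        if (declared > (uint64_t)(buf_len - (i + 5))) hits++;
    }
    return hits;
}

/* Run one decoder from offset 0 into *out and return its result code. */
static int run_decoder(bool safe, const uint8_t *buf, uint32_t buf_len, amqp_binary_t *out) {
    uint32_t pos = 0;
    out->data = NULL; out->len = 0;
    return safe ? decode_binary_safe(buf, buf_len, &pos, out)
                : decode_binary_naive(buf, buf_len, &pos, out);
}

/* Length a decoder hands back for a payload (0 when it rejects the payload). */
static uint32_t decoded_len(bool safe, const uint8_t *buf, uint32_t buf_len) {
    amqp_binary_t b;
    return run_decoder(safe, buf, buf_len, &b) == DEC_OK ? b.len : 0;
}

/* Constructed inputs for this example, not real captures. */
static const uint8_t benign_vbin8[]    = { AMQP_VBIN8, 0x03, 'a', 'b', 'c' };
static const uint8_t crafted_vbin32[]  = { AMQP_VBIN32, 0xff, 0xff, 0xff, 0xff }; /* claims ~4 GiB, carries 0 bytes */
static const uint8_t truncated_vbin32[] = { AMQP_VBIN32, 0xff };                    /* size field cut short */

int main(void) {
    amqp_binary_t b;
    int rc = run_decoder(false, crafted_vbin32, sizeof crafted_vbin32, &b);
    printf("naive: rc=%d decoded len=%u (wraparound fooled the bounds check)\n", rc, b.len);
    rc = run_decoder(true, crafted_vbin32, sizeof crafted_vbin32, &b);
    printf("safe:  rc=%d (DEC_OVERFLOW)\n", rc);
    printf("oversized vbin32 fields in crafted payload: %zu\n",
           count_oversized_vbin32(crafted_vbin32, sizeof crafted_vbin32));
    return 0;
}
```

The naive decoder accepts the crafted header and reports a length of 4294967295 with zero payload bytes behind it; whatever consumes that view then reads or copies out of bounds. The safe variant rejects it before any pointer is formed, and the scanner flags the same frame from the outside, which is the check to run over AMQP captures on hosts still on a pre-2024-01-01 library.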

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv                     9.8    CRITICAL
vendor_debian           9.8    CRITICAL
vendor_msrc             9.8    CRITICAL