CVE-2024-27099 — Double Free in Azure-uamqp-c

CWE-415 — Double Free5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

1.5%

top 18.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

11

Azure Azure-uamqp-c Microsoft Azure Uamqp Debian Azure-uamqp-python +8 more

Timeline

PublishedFeb 27

Description

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages11 packages

▶CVEListV5azure/azure-uamqp-c< 2023-2-08

▶NVDmicrosoft/azure_uamqp< 2023-2-08

▶debiandebian/azure-uamqp-python< azure-uamqp-python 1.6.8-2 (forky)

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

1

OSV

CVE-2024-27099: The uAMQP is a C library for AMQP 1↗2024-02-27

▶

📋Vendor Advisories

3

Red Hat

python-uamqp-azure: Double free at link.c↗2024-02-27

▶

Microsoft

Azure IoT Platform Device SDK Double Free Vulnerability↗2024-02-13

▶

Debian

CVE-2024-27099: azure-uamqp-python - The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. Whe...↗2024

▶