CVE-2024-29195 — Classic Buffer Overflow in Azure-c-shared-utility

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

8.1HIGHNVD

EPSS

3.3%

top 12.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Azure Azure-c-shared-utility Debian Azure-uamqp-python Microsoft Azure C Shared Utility +3 more

Timeline

PublishedMar 26

Description

The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allow…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5azure/azure-c-shared-utility< 2024-02-08

▶NVDmicrosoft/azure_c_shared_utility2023-12-01

▶debiandebian/azure-uamqp-python< azure-uamqp-python 1.6.9-2 (forky)

▶msrcmsrc/azl3_azure-iot-sdk-c_2023.08.07-1_on_azure_linux_3.0

▶msrcmsrc/azl3_azure-iot-sdk-c_2024.03.04-1_on_azure_linux_3.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2024-29195: The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services↗2024-03-26

▶

📋Vendor Advisories

Microsoft

Azure C SDK Integer Wraparound Vulnerability↗2024-03-12

▶

Debian

CVE-2024-29195: azure-uamqp-python - The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure C...↗2024

▶