Azure Azure-Uamqp-C vulnerabilities
3 known vulnerabilities affecting azure/azure-uamqp-c.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2024-27099CRITICALCVSS 9.8fixed in 2023-2-082024-02-27
CVE-2024-27099 [CRITICAL] CWE-415 CVE-2024-27099: The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an inco
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.
nvd
CVE-2024-25110HIGHCVSS 8.1fixed in 2024-01-012024-02-12
CVE-2024-25110 [HIGH] CWE-94 CVE-2024-25110: The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilitie
The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workaround
nvd
CVE-2024-21646CRITICALCVSS 9.8fixed in 2024-01-012024-01-09
CVE-2024-21646 [CRITICAL] CWE-94 CVE-2024-21646: Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several client
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patche
nvd