Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-21646

Опубликовано: 09 янв. 2024
Источник: debian

Описание

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
azure-uamqp-pythonfixed1.6.8-1package
azure-uamqp-pythonno-dsabookwormpackage
azure-uamqp-pythonno-dsabullseyepackage

Примечания

  • https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv

  • https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe

  • https://github.com/Azure/azure-uamqp-python/issues/372

  • https://github.com/Azure/azure-uamqp-python/commit/c85efcd12c249999eb8a1064b7d4fd8c7715c780 (v1.6.7)

Связанные уязвимости

ubuntu логотип

CVE-2024-21646

CVSS3: 9.8
ubuntu
около 2 лет назад

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.

nvd логотип

CVE-2024-21646

CVSS3: 9.8
nvd
около 2 лет назад

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.

msrc логотип

CVE-2024-21646

CVSS3: 9.8
msrc
около 2 лет назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2024:0323-1

suse-cvrf
около 2 лет назад

Security update for python-uamqp

fstec логотип

BDU:2024-02931

CVSS3: 9.8
fstec
около 2 лет назад

Уязвимость библиотеки языка C для взаимодействия с сервисами Azure uAMQP, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код