CVE-2024-25110

The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:azure_uamqp:*:*:*:*:*:c:*:*

History

22 Nov 2024, 14:48

Type Values Removed Values Added
References () https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695 - Patch () https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695 - Patch
References () https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v - Vendor Advisory () https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v - Vendor Advisory
First Time Microsoft azure Uamqp
Microsoft
CPE cpe:2.3:a:azure:uamqp:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:azure_uamqp:*:*:*:*:*:c:*:*
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 9.8

11 Oct 2024, 21:55

Type Values Removed Values Added
References () https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695 - () https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695 - Patch
References () https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v - () https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v - Vendor Advisory
First Time Azure uamqp
Azure
CWE CWE-416
Summary
  • (es) UAMQP es una librería C de uso general para AMQP 1.0. Durante una llamada a open_get_offered_capabilities, una asignación de memoria puede fallar causando un problema de use-after-free y si un cliente lo llamó durante la comunicación de conexión, puede causar una ejecución remota de código. Se recomienda a los usuarios actualizar el submódulo con el commit `30865c9c`. No se conocen workarounds para esta vulnerabilidad.
CPE cpe:2.3:a:azure:uamqp:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 8.1

12 Feb 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-12 20:15

Updated : 2024-11-22 14:48


NVD link : CVE-2024-25110

Mitre link : CVE-2024-25110

CVE.ORG link : CVE-2024-25110


JSON object : View

Products Affected

microsoft

  • azure_uamqp
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-416

Use After Free