ID CVE-2019-18609
Summary An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
References
Vulnerable Configurations
  • cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 01-01-2022 - 20:06)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1786646
    title CVE-2019-18609 librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment librabbitmq is earlier than 0:0.8.0-3.el7
            oval oval:com.redhat.rhsa:tst:20203949001
          • comment librabbitmq is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203949002
        • AND
          • comment librabbitmq-devel is earlier than 0:0.8.0-3.el7
            oval oval:com.redhat.rhsa:tst:20203949003
          • comment librabbitmq-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203949004
        • AND
          • comment librabbitmq-examples is earlier than 0:0.8.0-3.el7
            oval oval:com.redhat.rhsa:tst:20203949005
          • comment librabbitmq-examples is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203949006
    rhsa
    id RHSA-2020:3949
    released 2020-09-29
    severity Moderate
    title RHSA-2020:3949: librabbitmq security update (Moderate)
  • bugzilla
    id 1786646
    title heap-based buffer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment librabbitmq is earlier than 0:0.9.0-2.el8
            oval oval:com.redhat.rhsa:tst:20204445001
          • comment librabbitmq is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203949002
        • AND
          • comment librabbitmq-debugsource is earlier than 0:0.9.0-2.el8
            oval oval:com.redhat.rhsa:tst:20204445003
          • comment librabbitmq-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20204445004
        • AND
          • comment librabbitmq-devel is earlier than 0:0.9.0-2.el8
            oval oval:com.redhat.rhsa:tst:20204445005
          • comment librabbitmq-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20203949004
    rhsa
    id RHSA-2020:4445
    released 2020-11-04
    severity Moderate
    title RHSA-2020:4445: librabbitmq security update (Moderate)
rpms
  • librabbitmq-0:0.8.0-3.el7
  • librabbitmq-debuginfo-0:0.8.0-3.el7
  • librabbitmq-devel-0:0.8.0-3.el7
  • librabbitmq-examples-0:0.8.0-3.el7
  • librabbitmq-0:0.9.0-2.el8
  • librabbitmq-debuginfo-0:0.9.0-2.el8
  • librabbitmq-debugsource-0:0.9.0-2.el8
  • librabbitmq-devel-0:0.9.0-2.el8
  • librabbitmq-tools-debuginfo-0:0.9.0-2.el8
refmap via4
confirm https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a
fedora
  • FEDORA-2019-8730b65158
  • FEDORA-2019-dd7c8f5435
gentoo GLSA-202003-07
misc
mlist [debian-lts-announce] 20191206 [SECURITY] [DLA 2022-1] librabbitmq security update
ubuntu
  • USN-4214-1
  • USN-4214-2
Last major update 01-01-2022 - 20:06
Published 01-12-2019 - 22:15
Last modified 01-01-2022 - 20:06
Back to Top