ID |
CVE-2019-18609
|
Summary |
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.9.0:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 01-01-2022 - 20:06) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-787 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
redhat
via4
|
advisories | bugzilla | id | 1786646 | title | CVE-2019-18609 librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 7 is installed | oval | oval:com.redhat.rhba:tst:20150364027 |
OR | AND | comment | librabbitmq is earlier than 0:0.8.0-3.el7 | oval | oval:com.redhat.rhsa:tst:20203949001 |
comment | librabbitmq is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20203949002 |
|
AND | comment | librabbitmq-devel is earlier than 0:0.8.0-3.el7 | oval | oval:com.redhat.rhsa:tst:20203949003 |
comment | librabbitmq-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20203949004 |
|
AND | comment | librabbitmq-examples is earlier than 0:0.8.0-3.el7 | oval | oval:com.redhat.rhsa:tst:20203949005 |
comment | librabbitmq-examples is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20203949006 |
|
|
|
|
| rhsa | id | RHSA-2020:3949 | released | 2020-09-29 | severity | Moderate | title | RHSA-2020:3949: librabbitmq security update (Moderate) |
|
bugzilla | id | 1786646 | title | heap-based buffer overflow |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 8 is installed | oval | oval:com.redhat.rhba:tst:20193384074 |
OR | AND | comment | librabbitmq is earlier than 0:0.9.0-2.el8 | oval | oval:com.redhat.rhsa:tst:20204445001 |
comment | librabbitmq is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20203949002 |
|
AND | comment | librabbitmq-debugsource is earlier than 0:0.9.0-2.el8 | oval | oval:com.redhat.rhsa:tst:20204445003 |
comment | librabbitmq-debugsource is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20204445004 |
|
AND | comment | librabbitmq-devel is earlier than 0:0.9.0-2.el8 | oval | oval:com.redhat.rhsa:tst:20204445005 |
comment | librabbitmq-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20203949004 |
|
|
|
|
| rhsa | id | RHSA-2020:4445 | released | 2020-11-04 | severity | Moderate | title | RHSA-2020:4445: librabbitmq security update (Moderate) |
|
| rpms | - librabbitmq-0:0.8.0-3.el7
- librabbitmq-debuginfo-0:0.8.0-3.el7
- librabbitmq-devel-0:0.8.0-3.el7
- librabbitmq-examples-0:0.8.0-3.el7
- librabbitmq-0:0.9.0-2.el8
- librabbitmq-debuginfo-0:0.9.0-2.el8
- librabbitmq-debugsource-0:0.9.0-2.el8
- librabbitmq-devel-0:0.9.0-2.el8
- librabbitmq-tools-debuginfo-0:0.9.0-2.el8
|
|
refmap
via4
|
|
Last major update |
01-01-2022 - 20:06 |
Published |
01-12-2019 - 22:15 |
Last modified |
01-01-2022 - 20:06 |