Published: 01/12/2019 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An issue exists in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rabbitmq-c project rabbitmq-c
fedoraproject fedora 30
fedoraproject fedora 31
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 19.04
canonical ubuntu linux 14.04
canonical ubuntu linux 19.10
debian debian linux 8.0

Debian Bug report logs - #946005 librabbitmq: CVE-2019-18609 Package: src:librabbitmq; Maintainer for src:librabbitmq is Michael Fladischer <fladi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 2 Dec 2019 19:54:01 UTC Severity: important Tags: security, upstream Found in version libra ...

RabbitMQ could be made to execute arbitrary code if it received a specially crafted input ...

Synopsis Moderate: librabbitmq security update Type/Severity Security Advisory: Moderate Topic An update for librabbitmq is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...

Synopsis Moderate: librabbitmq security update Type/Severity Security Advisory: Moderate Topic An update for librabbitmq is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...

Synopsis Moderate: Red Hat OpenShift Container Storage 460 security, bug fix, enhancement update Type/Severity Security Advisory: Moderate Topic Updated images are now available for Red Hat OpenShift Container Storage 460 on Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ha ...

An issue was discovered in amqp_handle_input in amqp_connectionc in rabbitmq-c 090 There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER A rogue server could return a malicious frame header that leads to a smaller target_size value than needed This condition is then carried on to a memcpy ...

CWE-787 https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md https://news.ycombinator.com/item?id=21681976 https://usn.ubuntu.com/4214-1/https://lists.debian.org/debian-lts-announce/2019/12/msg00004.html https://usn.ubuntu.com/4214-2/https://security.gentoo.org/glsa/202003-07 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA7CPNVYMF6OQNIYNLWUY6U2GTKFOKH3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQER6XTKYMHNQR7QTHW7DJAH645WQROU/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946005 https://nvd.nist.gov https://usn.ubuntu.com/4214-2/

CVE-2019-18609

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect