Description
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
References (7)
Core 7
Core References
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=861241
Issue Tracking x_refsource_confirm
https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0561.html
Various Sources x_refsource_confirm
https://issues.apache.org/jira/browse/QPID-4629
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0562.html
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1453031
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52516
Scores
EPSS
0.0921
EPSS Percentile
94.8%
Details
CWE
CWE-189
Status
published
Products (16)
apache/qpid
0.5
apache/qpid
0.6
apache/qpid
0.7
apache/qpid
0.8
apache/qpid
0.9
apache/qpid
0.10
apache/qpid
0.11
apache/qpid
0.12
apache/qpid
0.13
apache/qpid
0.14
... and 6 more
Published
Mar 14, 2013
Tracked Since
Feb 18, 2026