CVE-2024-21646

CRITICAL

Microsoft Azure Uamqp < 2024-01-01 - Integer Overflow

Title source: rule

Description

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv

Patch x_refsource_misc

https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe

View Patch ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0256

EPSS Percentile 85.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-190 CWE-94

Status published

Products (1)

microsoft/azure_uamqp < 2024-01-01

Published Jan 09, 2024

Tracked Since Feb 18, 2026