CVE-2019-18609

librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.

Se detectó un problema en la función amqp_handle_input en el archivo amqp_connection.c en rabbitmq-c versión 0.9.0. Se presenta un desbordamiento de enteros que conlleva a una corrupción de memoria de la pila en el manejo de CONNECTION_STATE_HEADER. Un servidor no autorizado podría devolver un encabezado de trama malicioso que conlleva a un valor de target_size más pequeño de lo necesario. Esta condición se transfiere a una función memcpy que copia demasiados datos en un búfer de la pila.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-10-29 CVE Reserved
2019-12-01 CVE Published
2024-03-26 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-122: Heap-based Buffer Overflow
CWE-787: Out-of-bounds Write

CAPEC

References (11)

URL	Tag	Source
https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00004.html	Mailing List
https://news.ycombinator.com/item?id=21681976	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a	2023-11-07

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA7CPNVYMF6OQNIYNLWUY6U2GTKFOKH3	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQER6XTKYMHNQR7QTHW7DJAH645WQROU	2023-11-07
https://security.gentoo.org/glsa/202003-07	2023-11-07
https://usn.ubuntu.com/4214-1	2023-11-07
https://usn.ubuntu.com/4214-2	2023-11-07
https://access.redhat.com/security/cve/CVE-2019-18609	2020-11-04
https://bugzilla.redhat.com/show_bug.cgi?id=1786646	2020-11-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rabbitmq-c Project Search vendor "Rabbitmq-c Project"		Rabbitmq-c Search vendor "Rabbitmq-c Project" for product "Rabbitmq-c"				< 0.10.0 Search vendor "Rabbitmq-c Project" for product "Rabbitmq-c" and version " < 0.10.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				30 Search vendor "Fedoraproject" for product "Fedora" and version "30"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected