Vulnerability Details : CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2019-18609
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18609
2.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-18609
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-18609
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18609
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WA7CPNVYMF6OQNIYNLWUY6U2GTKFOKH3/
[SECURITY] Fedora 30 Update: librabbitmq-0.10.0-1.fc30 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://security.gentoo.org/glsa/202003-07
RabbitMQ C client: Arbitrary code execution (GLSA 202003-07) — Gentoo securityThird Party Advisory
-
https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a
lib: check frame_size is >= INT32_MAX · alanxz/rabbitmq-c@fc85be7 · GitHubPatch;Third Party Advisory
-
https://usn.ubuntu.com/4214-1/
USN-4214-1: RabbitMQ vulnerability | Ubuntu security noticesThird Party Advisory
-
https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md
rabbitmq-c/ChangeLog.md at master · alanxz/rabbitmq-c · GitHubThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQER6XTKYMHNQR7QTHW7DJAH645WQROU/
[SECURITY] Fedora 31 Update: librabbitmq-0.10.0-1.fc31 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://news.ycombinator.com/item?id=21681976
RabbitMQ integer overflow that leads to heap memory corruption | Hacker NewsIssue Tracking;Third Party Advisory
-
https://usn.ubuntu.com/4214-2/
USN-4214-2: RabbitMQ vulnerability | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/12/msg00004.html
[SECURITY] [DLA 2022-1] librabbitmq security updateMailing List;Third Party Advisory
Jump to