CVE-2024-27099

Description

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Azure / azure-uamqp-c< 2023-2-08 – < 2023-2-08

References

VENDOR_ADVISORYhttps://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj
PATCHhttps://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987