Lucene search

[email protected]CVE-2012-4458

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4458

2022-10-0316:15:34

CWE-189

[email protected]

web.nvd.nist.gov

cve-2012-4458

apache qpid

amqp

denial of service

memory consumption

server crash

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.6%

JSON

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.

Affected configurations

NVD

Node

apacheqpidRange≤0.20

apacheqpidMatch0.5

apacheqpidMatch0.6

apacheqpidMatch0.7

apacheqpidMatch0.8

apacheqpidMatch0.9

apacheqpidMatch0.10

apacheqpidMatch0.11

apacheqpidMatch0.12

apacheqpidMatch0.13

apacheqpidMatch0.14

apacheqpidMatch0.15

apacheqpidMatch0.16

apacheqpidMatch0.17

apacheqpidMatch0.18

apacheqpidMatch0.19

CPENameOperatorVersion
apache:qpidapache qpidle0.20
apache:qpidapache qpideq0.5
apache:qpidapache qpideq0.6
apache:qpidapache qpideq0.7
apache:qpidapache qpideq0.8
apache:qpidapache qpideq0.9
apache:qpidapache qpideq0.10
apache:qpidapache qpideq0.11
apache:qpidapache qpideq0.12
apache:qpidapache qpideq0.13

CPE	Name	Operator	Version
apache:qpid	apache qpid	le	0.20
apache:qpid	apache qpid	eq	0.5
apache:qpid	apache qpid	eq	0.6
apache:qpid	apache qpid	eq	0.7
apache:qpid	apache qpid	eq	0.8
apache:qpid	apache qpid	eq	0.9
apache:qpid	apache qpid	eq	0.10
apache:qpid	apache qpid	eq	0.11
apache:qpid	apache qpid	eq	0.12
apache:qpid	apache qpid	eq	0.13