CVE-2024-27099

2024-02-2719:04:07

CWE-415

[email protected]

web.nvd.nist.gov

uamqp

c library

amqp 1.0

azure cloud services

double free

rce

cve-2024-27099

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQP_VALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.

Affected configurations

Vulners

Node

azureazure_uamqp_cRange<2023-2-08

CNA Affected

[
  {
    "vendor": "Azure",
    "product": "azure-uamqp-c",
    "versions": [
      {
        "version": "< 2023-2-08",
        "status": "affected"
      }
    ]
  }
]