2272482 – (CVE-2024-27099) CVE-2024-27099 python-uamqp-azure: Double free at link.c

Bug 2272482 (CVE-2024-27099) - CVE-2024-27099 python-uamqp-azure: Double free at link.c

Summary: CVE-2024-27099 python-uamqp-azure: Double free at link.c

Keywords:
Status:	NEW
Alias:	CVE-2024-27099
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2272483
Blocks:	2272487
TreeView+	depends on / blocked

Reported:	2024-04-01 14:36 UTC by Pedro Sampaio
Modified:	2025-06-17 08:28 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2024-04-01 14:36:02 UTC

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices if the preferred protocol to the hub service is the AMQP protocol.

The vulnerability results from a situation where the uAMQP library attempts to free the same memory location twice while processing an incorrect “AMQP_VALUE” failed state which may lead to possible RCE. This may occur when a memory allocation has failed (usually due to a low memory event).

References:

https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj
https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987
https://salsa.debian.org/python-team/packages/azure-uamqp-python/-/commit/8bde200226d14a5f4c36f73a270bd957a31d7f96#903ba3297d39cbee4afd35664e80f1b0ae609206_0_1

Comment 1 Pedro Sampaio 2024-04-01 14:36:19 UTC

Created python-uamqp tracking bugs for this issue:

Affects: fedora-all [bug 2272483]

Note You need to log in before you can comment on or make changes to this bug.