The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices if the preferred protocol to the hub service is the AMQP protocol. The vulnerability results from an integer overflow in uAMQP while decoding an “AMQP_VALUE” with a payload length near the max memory size of the system, which may lead to possible RCE.

References:
https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v
https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695
https://salsa.debian.org/python-team/packages/azure-uamqp-python/-/commit/8bde200226d14a5f4c36f73a270bd957a31d7f96#aa3ec8ae2996f49b4740236d536d62ee43a96db7_0_1
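
The class of bug described above, as an added example that is not uAMQP code and is not taken from the fix commit: a decoder for one AMQP 1.0 str32-utf8 value, showing how "length + 1" wraps when the wire length is near the top of the size range, next to a decoder that validates the length before allocating. The function names and the sample frames in the test are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not uAMQP code. Wire layout of str32-utf8:
 * format code 0xb1, 4-byte big-endian length, then the payload bytes. */

/* Unchecked pattern: on a target where size_t is 32 bits, a wire length
 * of 0xFFFFFFFF makes "len + 1" wrap to 0, so malloc() gets a tiny size
 * while the copy still uses the huge length. Modelled with uint32_t. */
uint32_t unchecked_alloc_size32(uint32_t wire_len)
{
    return wire_len + 1u;   /* 0xFFFFFFFF + 1 == 0 */
}

/* Hardened decoder. out must be non-NULL. Returns 0 and stores a
 * NUL-terminated heap copy in *out, or returns -1 with *out == NULL. */
int decode_str32(const uint8_t *buf, size_t buf_len, char **out)
{
    uint32_t wire_len;
    size_t len;
    char *s;

    *out = NULL;
    if (buf == NULL || buf_len < 5 || buf[0] != 0xb1)
        return -1;
    wire_len = ((uint32_t)buf[1] << 24) | ((uint32_t)buf[2] << 16) |
               ((uint32_t)buf[3] << 8)  |  (uint32_t)buf[4];
    /* Reject a declared length the received bytes cannot contain. */
    if (wire_len > buf_len - 5)
        return -1;
    len = (size_t)wire_len;
    /* Reject a length where adding the terminator would wrap size_t
     * (kept explicit for decoders that do not hold the whole frame). */
    if (len > SIZE_MAX - 1)
        return -1;
    s = malloc(len + 1);
    if (s == NULL)
        return -1;
    memcpy(s, buf + 5, len);
    s[len] = '\0';
    *out = s;
    return 0;
}
```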
Created python-uamqp tracking bugs for this issue: Affects: fedora-all [bug 2272486]