Bug 2272485 (CVE-2024-25110) - CVE-2024-25110 python-uamqp-azure: Integer overflow at message.c
Summary: CVE-2024-25110 python-uamqp-azure: Integer overflow at message.c
Keywords:
Status: NEW
Alias: CVE-2024-25110
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2272486
Blocks: 2272487
TreeView+ depends on / blocked
 
Reported: 2024-04-01 14:44 UTC by Pedro Sampaio
Modified: 2024-04-16 07:42 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
An integer overflow vulnerability was found in python-uamqp-azure affecting the embedded azure-uamqp-c library at the message.c file. If some uncommon conditions are met, an authenticated user may cause remote code execution.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Pedro Sampaio 2024-04-01 14:44:37 UTC 
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices if the preferred protocol to the hub service is the AMQP protocol.
The vulnerability results from a situation where the uAMQP integer overflow exists during decoding a “AMQP_VALUE” with a payload length near max memory size of the system, which may lead to possible RCE.


References:

https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v
https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695
https://salsa.debian.org/python-team/packages/azure-uamqp-python/-/commit/8bde200226d14a5f4c36f73a270bd957a31d7f96#aa3ec8ae2996f49b4740236d536d62ee43a96db7_0_1
Comment 1 Pedro Sampaio 2024-04-01 14:45:03 UTC 
Created python-uamqp tracking bugs for this issue:

Affects: fedora-all [bug 2272486]
Note You need to log in before you can comment on or make changes to this bug.