CVE-2019-18609

Current Description

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.

Basic Data

Published	December 01, 2019
Last Modified	March 13, 2020
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	CWE-190
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	PARTIAL
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	7.5
Severity	HIGH
Exploitability Score	10.0
Impact Score	6.4
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	Application	Rabbitmq-c Project	Rabbitmq-c	0.9.0	*	*	*	*	*	*	*

OR - Configuration 2

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	OS	Fedoraproject	Fedora	30	*	*	*	*	*	*	*
2.3	OS	Fedoraproject	Fedora	31	*	*	*	*	*	*	*

OR - Configuration 3

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Canonical	Ubuntu Linux	14.04	*	*	*	esm	*	*	*
2.3	OS	Canonical	Ubuntu Linux	16.04	*	*	*	lts	*	*	*
2.3	OS	Canonical	Ubuntu Linux	18.04	*	*	*	lts	*	*	*
2.3	OS	Canonical	Ubuntu Linux	19.04	*	*	*	*	*	*	*
2.3	OS	Canonical	Ubuntu Linux	19.10	*	*	*	*	*	*	*

OR - Configuration 4

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	OS	Debian	Debian Linux	8.0	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	14.04, 16.04, 18.04, 19.04, 19.10
Rabbitmq-c Project	Rabbitmq-c	0.9.0
Fedoraproject	Fedora	30, 31

References

Name	Source	URL	Tags
https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md	https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md	MISC	Third Party Advisory
https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a	https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a	CONFIRM	Patch Third Party Advisory
[debian-lts-announce] 20191206 [SECURITY] [DLA 2022-1] librabbitmq security update	https://lists.debian.org/debian-lts-announce/2019/12/msg00004.html	MLIST	Mailing List Third Party Advisory
FEDORA-2019-dd7c8f5435	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WA7CP	FEDORA	Third Party Advisory
FEDORA-2019-8730b65158	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQER6	FEDORA	Third Party Advisory
https://news.ycombinator.com/item?id=21681976	https://news.ycombinator.com/item?id=21681976	MISC	Issue Tracking Third Party Advisory
GLSA-202003-07	https://security.gentoo.org/glsa/202003-07	GENTOO
USN-4214-1	https://usn.ubuntu.com/4214-1/	UBUNTU	Third Party Advisory
USN-4214-2	https://usn.ubuntu.com/4214-2/	UBUNTU	Third Party Advisory