Bugzilla – Bug 1219409
VUL-0: CVE-2024-21646: python-uamqp: integer overflow may cause remote code execution
Last modified: 2024-02-12 14:04:33 UTC
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21646
https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe
https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv
https://www.cve.org/CVERecord?id=CVE-2024-21646

Updated packages have been submitted for:
- SUSE:SLE-15-SP1:Update/python-uamqp
- openSUSE:Factory/python-uamqp

Fixing the package in SUSE:SLE-12-SP1:Update will be a bit more difficult since the version found there is much older (1.2.12).

SUSE-SU-2024:0323-1: An update that solves one vulnerability can now be installed.

Category: security (critical)
Bug References: 1219409
CVE References: CVE-2024-21646
Sources used:
openSUSE Leap 15.5 (src): python-uamqp-1.5.3-150100.4.10.1
Public Cloud Module 15-SP2 (src): python-uamqp-1.5.3-150100.4.10.1
Public Cloud Module 15-SP3 (src): python-uamqp-1.5.3-150100.4.10.1
Public Cloud Module 15-SP4 (src): python-uamqp-1.5.3-150100.4.10.1
Public Cloud Module 15-SP5 (src): python-uamqp-1.5.3-150100.4.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.