First published: Thu Sep 27 2012
It was discovered that the AMQP type decoder was reachable before authentication, because a client could place arbitrary typed values in the client-properties map of a connection.start-ok message. An unauthenticated client can use this to send an array whose elements all have a wire width of zero: they consume no space on the wire, but each still needs storage once the server has decoded it. A suitably chosen size (element count) field therefore makes the broker allocate far more memory than the message itself occupies. On some systems this triggers the OOM killer, which kills the broker process and leaves the service down until it is restarted. Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Credit: secalert@redhat.com
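The following is an added example, not Apache Qpid's code or its actual fix. It is a miniature decoder for an AMQP 0-10 style array (uint32 payload size, uint8 element type code, uint32 element count, then the elements) that shows the mechanism described above: with a zero-width element type, a nine-byte header drives an allocation of `count` elements, so memory use is decoupled from message size. The type codes (0x02 for uint8, 0xf0 for void), the `max_elements` cap and all function names are this example's assumptions; the hostile frame is constructed, not captured.

```cpp
// Added example (not Apache Qpid code): toy AMQP 0-10 style array decoder,
// vulnerable shape beside a bounded shape. Type codes are assumptions.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <vector>

namespace amqp_demo {

// Assumed type codes: 0x02 = uint8 (width 1 byte), 0xf0 = void (width 0).
constexpr uint8_t TYPE_UINT8 = 0x02;
constexpr uint8_t TYPE_VOID  = 0xf0;

// Fixed wire width in bytes of the two types this demo understands.
inline std::size_t wire_width(uint8_t code) {
    switch (code) {
        case TYPE_UINT8: return 1;
        case TYPE_VOID:  return 0;
        default: throw std::runtime_error("unknown type code");
    }
}

// Bounds-checked read cursor over a received frame (big-endian integers).
struct Cursor {
    const std::vector<uint8_t>& buf;
    std::size_t pos;
    uint8_t u8() {
        if (pos + 1 > buf.size()) throw std::runtime_error("truncated frame");
        return buf[pos++];
    }
    uint32_t u32() {
        if (pos + 4 > buf.size()) throw std::runtime_error("truncated frame");
        uint32_t v = 0;
        for (int i = 0; i < 4; ++i) v = (v << 8) | buf[pos++];
        return v;
    }
};

// One byte of storage per decoded element here; a real broker stores a
// full variant object per element, so the amplification is much larger.
struct Decoded {
    uint8_t type;
    std::vector<uint8_t> elements;
};

// Vulnerable shape: trusts `count` and sizes storage from it before reading
// a single element byte. With a zero-width type the loop never touches the
// wire, so a 9-byte message can demand `count` elements of storage.
Decoded decode_array_naive(const std::vector<uint8_t>& wire) {
    Cursor c{wire, 0};
    c.u32();                              // payload size, ignored here
    uint8_t type = c.u8();
    uint32_t count = c.u32();
    std::size_t width = wire_width(type);
    Decoded out{type, {}};
    out.elements.reserve(count);          // attacker-controlled allocation
    for (uint32_t i = 0; i < count; ++i)
        out.elements.push_back(width ? c.u8() : 0);
    return out;
}

// Bounded shape (this example's own checks, not the project's fix): the
// payload must fit the frame, the count must fit the payload for non-zero
// widths, and a policy cap bounds the count regardless of element width.
Decoded decode_array_bounded(const std::vector<uint8_t>& wire,
                             std::size_t max_elements = 1024) {
    Cursor c{wire, 0};
    uint32_t payload = c.u32();
    uint8_t type = c.u8();
    uint32_t count = c.u32();
    std::size_t width = wire_width(type);
    if (payload < 5 || payload - 5 > wire.size() - c.pos)   // 5 = type + count
        throw std::runtime_error("payload size exceeds frame");
    if (count > max_elements)
        throw std::runtime_error("element count exceeds policy limit");
    if (width != 0 && count > (payload - 5) / width)
        throw std::runtime_error("element count exceeds payload");
    Decoded out{type, {}};
    out.elements.reserve(count);
    for (uint32_t i = 0; i < count; ++i)
        out.elements.push_back(width ? c.u8() : 0);
    return out;
}

// Constructed frame (not a captured message): header claiming `count`
// elements of `type`, followed by whatever element bytes are supplied.
std::vector<uint8_t> make_array(uint8_t type, uint32_t count,
                                const std::vector<uint8_t>& body) {
    std::vector<uint8_t> w;
    auto put32 = [&w](uint32_t v) {
        for (int s = 24; s >= 0; s -= 8) w.push_back(static_cast<uint8_t>(v >> s));
    };
    put32(static_cast<uint32_t>(5 + body.size()));
    w.push_back(type);
    put32(count);
    w.insert(w.end(), body.begin(), body.end());
    return w;
}

// True when the bounded decoder refuses the frame.
bool bounded_rejects(const std::vector<uint8_t>& wire) {
    try { decode_array_bounded(wire); return false; }
    catch (const std::runtime_error&) { return true; }
}

}  // namespace amqp_demo

int main() {
    using namespace amqp_demo;
    auto hostile = make_array(TYPE_VOID, 1u << 22, {});   // 9 bytes on the wire
    std::cout << "naive decoder materialised "
              << decode_array_naive(hostile).elements.size() << " elements\n"
              << "bounded decoder rejects it: " << bounded_rejects(hostile) << "\n";
}
```

The hostile frame is nine bytes, yet the naive decoder builds four million elements from it; the count could just as well be the full 32-bit range. Note that for non-zero widths the "count fits payload" check alone is enough, and that check is exactly what a zero-width type bypasses, which is why the bounded version also needs a cap that does not depend on wire size.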
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Qpid | <=0.20 | |
| Apache Qpid | =0.5 | |
| Apache Qpid | =0.6 | |
| Apache Qpid | =0.7 | |
| Apache Qpid | =0.8 | |
| Apache Qpid | =0.9 | |
| Apache Qpid | =0.10 | |
| Apache Qpid | =0.11 | |
| Apache Qpid | =0.12 | |
| Apache Qpid | =0.13 | |
| Apache Qpid | =0.14 | |
| Apache Qpid | =0.15 | |
| Apache Qpid | =0.16 | |
| Apache Qpid | =0.17 | |
| Apache Qpid | =0.18 | |
| Apache Qpid | =0.19 | |
| redhat/qpid-cpp | <0.21 | 0.21 |