CVE-2012-4459: Integer Overflow
First published: Thu Sep 27 2012(Updated: )
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Qpid | <=0.20 | |
| Apache Qpid | =0.5 | |
| Apache Qpid | =0.6 | |
| Apache Qpid | =0.7 | |
| Apache Qpid | =0.8 | |
| Apache Qpid | =0.9 | |
| Apache Qpid | =0.10 | |
| Apache Qpid | =0.11 | |
| Apache Qpid | =0.12 | |
| Apache Qpid | =0.13 | |
| Apache Qpid | =0.14 | |
| Apache Qpid | =0.15 | |
| Apache Qpid | =0.16 | |
| Apache Qpid | =0.17 | |
| Apache Qpid | =0.18 | |
| Apache Qpid | =0.19 | |
| redhat/qpid-cpp | <0.21 | 0.21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2013-0561.html
- http://rhn.redhat.com/errata/RHSA-2013-0562.html
- http://secunia.com/advisories/52516
- http://svn.apache.org/viewvc?view=revision&revision=1453031
- https://bugzilla.redhat.com/show_bug.cgi?id=861241
- https://issues.apache.org/jira/browse/QPID-4629
- https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID
- https://svn.apache.org/viewvc?view=revision&revision=1453031
- https://rhn.redhat.com/errata/RHSA-2013-0562.html
- https://rhn.redhat.com/errata/RHSA-2013-0561.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=918804
Frequently Asked Questions
What is the severity of CVE-2012-4459?
CVE-2012-4459 is classified as a high severity vulnerability due to its potential for denial of service attacks.
How do I fix CVE-2012-4459?
To fix CVE-2012-4459, upgrade Apache Qpid to version 0.21 or later.
What versions of Apache Qpid are affected by CVE-2012-4459?
CVE-2012-4459 affects Apache Qpid versions 0.20 and earlier, as well as versions 0.5 through 0.19.
What type of attack is possible with CVE-2012-4459?
CVE-2012-4459 allows attackers to perform a denial of service by crashing the application through a crafted message.
Is there a known exploit for CVE-2012-4459?
There are no public exploits specifically for CVE-2012-4459, but the vulnerability can be exploited by sending specially crafted messages to the affected service.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- alias/CVE-2012-4459
- vendor/apache
- canonical/apache qpid
- version/apache qpid/0.20
- version/apache qpid/0.5
- version/apache qpid/0.6
- version/apache qpid/0.7
- version/apache qpid/0.8
- version/apache qpid/0.9
- version/apache qpid/0.10
- version/apache qpid/0.11
- version/apache qpid/0.12
- version/apache qpid/0.13
- version/apache qpid/0.14
- version/apache qpid/0.15
- version/apache qpid/0.16
- version/apache qpid/0.17
- version/apache qpid/0.18
- version/apache qpid/0.19
- package-manager/redhat