Denial of Service Vulnerability in Apache Qpid by Remote Attackers
CVE-2012-4460
Currently unrated
Summary
The serialization and deserialization methods of the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier can be abused by remote attackers to cause a denial of service: the application can be made to fail an assertion and exit unexpectedly. The same issue may also trigger an out-of-bounds read, which could compromise the stability of the service without necessarily causing a crash.
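An added example, not Qpid's code: a bounds-checked wire-buffer reader that rejects a truncated or over-long field with an exception, so malformed input neither aborts the process (as a failed assert() does) nor reads past the buffer (as happens when assert() is compiled out with NDEBUG). CheckedBuffer, OutOfBounds and decodeName are hypothetical names and the sample frame is constructed; that the affected checks were assert-based is an assumption drawn from the summary's wording.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

// Hypothetical names throughout; this is not qpid::framing::Buffer.
struct OutOfBounds : std::runtime_error {
    OutOfBounds() : std::runtime_error("read past end of buffer") {}
};

class CheckedBuffer {
    const uint8_t* data_;
    size_t size_;
    size_t pos_ = 0;
    // An assert() here would abort the process on malformed input in debug
    // builds and disappear under NDEBUG, leaving the read unchecked. Throwing
    // keeps the check in every build and lets the caller drop the connection.
    void need(size_t n) const {
        if (n > size_ - pos_) throw OutOfBounds();  // pos_ <= size_ always holds
    }
public:
    CheckedBuffer(const uint8_t* d, size_t n) : data_(d), size_(n) {}
    size_t available() const { return size_ - pos_; }
    uint8_t getOctet() { need(1); return data_[pos_++]; }
    uint16_t getShort() {  // big-endian, two bytes
        need(2);
        pos_ += 2;
        return static_cast<uint16_t>((data_[pos_ - 2] << 8) | data_[pos_ - 1]);
    }
    // Length-prefixed string: the length byte comes from the peer.
    std::string getShortString() {
        size_t len = getOctet();
        need(len);
        std::string s(reinterpret_cast<const char*>(data_ + pos_), len);
        pos_ += len;
        return s;
    }
};

// Decode one length-prefixed name; malformed input yields false, not a crash.
bool decodeName(const uint8_t* d, size_t n, std::string& out) {
    try { CheckedBuffer b(d, n); out = b.getShortString(); return true; }
    catch (const OutOfBounds&) { return false; }
}

int main() {
    const uint8_t truncated[] = {200, 'a', 'b'};  // constructed: claims 200 bytes, carries 2
    std::string name;
    return decodeName(truncated, sizeof(truncated), name) ? 1 : 0;
}
```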