CVE-2012-4460

Currently unrated

Key Information:

Vendor: Apache
Status: Qpid
Vendor: CVE Published:; 14 March 2013

Summary

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

References

https://bugzilla.redhat.com/show_bug.cgi?id=861242

x_refsource_MISC

https://issues.apache.org/jira/issues/?jql=fixVersion%20%...

x_refsource_CONFIRM

https://issues.apache.org/jira/browse/QPID-4629

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 14, 2013
Vulnerability Reserved
Aug 21, 2012