CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18609

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 83.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2019-18609

Rabbitmq-C Project » Rabbitmq-C » Version: N/A

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:-
Rabbitmq-C Project » Rabbitmq-C » Version: 0.1

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.1
Rabbitmq-C Project » Rabbitmq-C » Version: 0.2

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.2
Rabbitmq-C Project » Rabbitmq-C » Version: 0.3.0

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.3.0
Rabbitmq-C Project » Rabbitmq-C » Version: 0.4.0

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.4.0
Rabbitmq-C Project » Rabbitmq-C » Version: 0.4.1

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.4.1
Rabbitmq-C Project » Rabbitmq-C » Version: 0.5.0

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.5.0
Rabbitmq-C Project » Rabbitmq-C » Version: 0.5.1

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.5.1
Rabbitmq-C Project » Rabbitmq-C » Version: 0.5.2

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.5.2
Rabbitmq-C Project » Rabbitmq-C » Version: 0.6.0

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.6.0
Rabbitmq-C Project » Rabbitmq-C » Version: 0.7.0

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.7.0
Rabbitmq-C Project » Rabbitmq-C » Version: 0.7.1

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.7.1
Rabbitmq-C Project » Rabbitmq-C » Version: 0.8.0

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.8.0
Rabbitmq-C Project » Rabbitmq-C » Version: 0.9.0

cpe:2.3:a:rabbitmq-c_project:rabbitmq-c:0.9.0
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04
Canonical » Ubuntu Linux » Version: 19.04

cpe:2.3:o:canonical:ubuntu_linux:19.04
Canonical » Ubuntu Linux » Version: 19.10

cpe:2.3:o:canonical:ubuntu_linux:19.10
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Fedoraproject » Fedora » Version: 30

cpe:2.3:o:fedoraproject:fedora:30
Fedoraproject » Fedora » Version: 31

cpe:2.3:o:fedoraproject:fedora:31

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18609

Products

Pricing

Contact Us