The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |

| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |

| Hyperlink | Source | Resource |
|---|---|---|
| http://svn.apache.org/viewvc?view=revision&revision=1453031 | secalert@redhat.com | Patch |
| https://bugzilla.redhat.com/show_bug.cgi?id=861242 | secalert@redhat.com | N/A |
| https://issues.apache.org/jira/browse/QPID-4629 | secalert@redhat.com | N/A |
| https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID | secalert@redhat.com | N/A |
| http://svn.apache.org/viewvc?view=revision&revision=1453031 | af854a3a-2127-422b-91ae-364da2661108 | Patch |
| https://bugzilla.redhat.com/show_bug.cgi?id=861242 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://issues.apache.org/jira/browse/QPID-4629 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID | af854a3a-2127-422b-91ae-364da2661108 | N/A |