The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
During the invocation of the open_get_offered_capabilities function, a memory allocation failure can occur. As a result of this error, a pointer to an already freed memory area remains in use (use-after-free, CWE-416), leading to uncontrolled memory access. If the call to the faulty function occurs during active communication with a client, an attacker can trigger arbitrary code execution (RCE, CWE-94) on the vulnerable system. Exploitation is possible remotely, without authentication and without user interaction.
An attacker can remotely execute arbitrary code on a system using the vulnerable library, gaining full control over the process handling AMQP connections. This can lead to violations of confidentiality, integrity, and availability of the system.
The azure-uamqp-c submodule should be updated to commit 30865c9ccedaa32ddb036e87a8ebb52c3f18f695 according to the vendor's recommendation. The vendor does not indicate any workarounds for this vulnerability.
The azure-uamqp-c library (Microsoft Azure UAMQP) — versions preceding commit 30865c9c; specific versions indicated in vendor references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Azure Uamqp
APPMicrosoft< 2024-02-01
Related vulnerabilities
Double free w bibliotece uAMQP-C prowadzący do RCE w Azure
RCE w bibliotece Azure uAMQP-C przez integer overflow
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server
RCE w Windows Server Update Service (WSUS) — deserializacja danych