Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-4460
Last Modified: 19 Mar 2013 12:00:00
Published: 13 Mar 2013 11:10:23
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-4460

Summary

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

Vulnerable Systems

Application

  • Apache Qpid 0.10

  • Apache Qpid 0.11

  • Apache Qpid 0.12

  • Apache Qpid 0.13

  • Apache Qpid 0.14

  • Apache Qpid 0.15

  • Apache Qpid 0.16

  • Apache Qpid 0.17

  • Apache Qpid 0.18

  • Apache Qpid 0.19

  • Apache Qpid 0.20

  • Apache Qpid 0.5

  • Apache Qpid 0.6

  • Apache Qpid 0.7

  • Apache Qpid 0.8

  • Apache Qpid 0.9


References

CONFIRM - https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID

CONFIRM - https://issues.apache.org/jira/browse/QPID-4629

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=861242

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1453031


Last Updated: 27 May 2016 11:02:04