CVE-2019-18609

Name	CVE-2019-18609
Description	An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DLA-2022-1
Debian Bugs	946005

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
librabbitmq (PTS)	buster	0.9.0-0.2	vulnerable
	bullseye	0.10.0-1	fixed
	bookworm, sid	0.11.0-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
librabbitmq	source	jessie	0.5.2-2+deb8u1		DLA-2022-1
librabbitmq	source	(unstable)	0.10.0-1	low		946005

Notes

[buster] - librabbitmq <no-dsa> (Minor issue)
[stretch] - librabbitmq <no-dsa> (Minor issue)
https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a