CVE-2024-27099

NameCVE-2024-27099
DescriptionThe uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1064996

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
azure-uamqp-python (PTS)bullseye1.2.13-1vulnerable
bookworm1.5.3-1vulnerable
sid, trixie1.6.11-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
azure-uamqp-pythonsource(unstable)1.6.8-21064996

Notes

[bookworm] - azure-uamqp-python <no-dsa> (Minor issue)
[bullseye] - azure-uamqp-python <no-dsa> (Minor issue)
https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj
https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987
Search for package or bug name: Reporting problems