CVE-2019-18609 (https://nvd.nist.gov/vuln/detail/CVE-2019-18609): An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
arm64 stable
amd64 stable
sparc stable
ia64 stable
ppc64 stable
hppa stable
ppc stable
x86 stable
arm stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d77087bbc1076b2c3aab19e4649e6c6fbacb6d9b commit d77087bbc1076b2c3aab19e4649e6c6fbacb6d9b Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-12-26 15:14:28 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-12-26 15:14:28 +0000 net-libs/rabbitmq-c: security cleanup Bug: https://bugs.gentoo.org/701810 Package-Manager: Portage-2.3.83, Repoman-2.3.20 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-libs/rabbitmq-c/Manifest | 1 - net-libs/rabbitmq-c/rabbitmq-c-0.9.0.ebuild | 55 ----------------------------- 2 files changed, 56 deletions(-)
New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-07 at https://security.gentoo.org/glsa/202003-07 by GLSA coordinator Thomas Deutschmann (whissi).