CVE-2012-4459

2022-10-0316:15:32

CWE-189

[email protected]

web.nvd.nist.gov

cve-2012-4459

apache qpid

integer overflow

denial of service

nvd

6.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.

Affected configurations

NVD

Node

apacheqpidRange≤0.20

apacheqpidMatch0.5

apacheqpidMatch0.6

apacheqpidMatch0.7

apacheqpidMatch0.8

apacheqpidMatch0.9

apacheqpidMatch0.10

apacheqpidMatch0.11

apacheqpidMatch0.12

apacheqpidMatch0.13

apacheqpidMatch0.14

apacheqpidMatch0.15

apacheqpidMatch0.16

apacheqpidMatch0.17

apacheqpidMatch0.18

apacheqpidMatch0.19

CPENameOperatorVersion
apache:qpidapache qpidle0.20
apache:qpidapache qpideq0.5
apache:qpidapache qpideq0.6
apache:qpidapache qpideq0.7
apache:qpidapache qpideq0.8
apache:qpidapache qpideq0.9
apache:qpidapache qpideq0.10
apache:qpidapache qpideq0.11
apache:qpidapache qpideq0.12
apache:qpidapache qpideq0.13

CPE	Name	Operator	Version
apache:qpid	apache qpid	le	0.20
apache:qpid	apache qpid	eq	0.5
apache:qpid	apache qpid	eq	0.6
apache:qpid	apache qpid	eq	0.7
apache:qpid	apache qpid	eq	0.8
apache:qpid	apache qpid	eq	0.9
apache:qpid	apache qpid	eq	0.10
apache:qpid	apache qpid	eq	0.11
apache:qpid	apache qpid	eq	0.12
apache:qpid	apache qpid	eq	0.13