5

CVE-2012-4460

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.  NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

Data is provided by the National Vulnerability Database (NVD)
ApacheQpid Version <= 0.20
ApacheQpid Version0.5
ApacheQpid Version0.6
ApacheQpid Version0.7
ApacheQpid Version0.8
ApacheQpid Version0.9
ApacheQpid Version0.10
ApacheQpid Version0.11
ApacheQpid Version0.12
ApacheQpid Version0.13
ApacheQpid Version0.14
ApacheQpid Version0.15
ApacheQpid Version0.16
ApacheQpid Version0.17
ApacheQpid Version0.18
ApacheQpid Version0.19
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.69% 0.853
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.