CVE-2012-4459 | Vulnerability Database | Aqua Security

Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.

Affected Software

Name	Vendor	Start Version	End Version
Qpid	Apache	*	0.20 (including)
Qpid	Apache	0.5 (including)	0.5 (including)
Qpid	Apache	0.6 (including)	0.6 (including)
Qpid	Apache	0.7 (including)	0.7 (including)
Qpid	Apache	0.8 (including)	0.8 (including)
Qpid	Apache	0.9 (including)	0.9 (including)
Qpid	Apache	0.10 (including)	0.10 (including)
Qpid	Apache	0.11 (including)	0.11 (including)
Qpid	Apache	0.12 (including)	0.12 (including)
Qpid	Apache	0.13 (including)	0.13 (including)
Qpid	Apache	0.14 (including)	0.14 (including)
Qpid	Apache	0.15 (including)	0.15 (including)
Qpid	Apache	0.16 (including)	0.16 (including)
Qpid	Apache	0.17 (including)	0.17 (including)
Qpid	Apache	0.18 (including)	0.18 (including)
Qpid	Apache	0.19 (including)	0.19 (including)

References

http://rhn.redhat.com/errata/RHSA-2013-0561.html
http://rhn.redhat.com/errata/RHSA-2013-0562.html
http://secunia.com/advisories/52516
http://svn.apache.org/viewvc?view=revision\u0026revision=1453031
https://bugzilla.redhat.com/show_bug.cgi?id=861241
https://issues.apache.org/jira/browse/QPID-4629
https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-4459
CWE	https://cwe.mitre.org/data/definitions/189.html