FreeBSD: VID-7c555ce3-658d-4589-83dd-4b6a31c5d610 (CVE-2019-18609): RabbitMQ-C -- integer overflow leads to heap corruption
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jun 25, 2021 | Nov 4, 2022 | Dec 10, 2025 |
Description
alanxz reports: When parsing a frame header, validate that the frame_size is less than or equal to INT32_MAX. Given frame_max is limited between 0 and INT32_MAX in amqp_login and friends, this does not change the API. This prevents a potential buffer overflow when a malicious client sends a frame_size that is close to UINT32_MAX, which causes an overflow when computing state->target_size, resulting in a small value there. A buffer is then allocated with the small amount, then memcopy copies the frame_size, writing to memory beyond the end of the buffer.
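As an added illustration (not code from rabbitmq-c, the FreeBSD advisory, or the reporter), the following C model shows the size computation the report describes: the unchecked 32-bit addition that wraps for a frame_size near UINT32_MAX, beside the INT32_MAX bound that prevents the wrap. The 7-byte header layout, the frame-end byte, and the HEADER_SIZE/FRAME_END_SIZE constants are assumptions made for the model; the sample headers are constructed, not captured traffic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model constants (assumptions for this example, not copied from rabbitmq-c):
 * a 7-byte frame header (1-byte type, 2-byte channel, 4-byte size) followed
 * by the payload and a 1-byte frame-end marker. */
#define HEADER_SIZE 7u
#define FRAME_END_SIZE 1u

/* Read the 32-bit big-endian size field from the wire. */
static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked computation as the report describes it: the addition is done in
 * 32 bits, so a frame_size close to UINT32_MAX wraps and target_size ends up
 * far smaller than the payload that will later be copied into the buffer. */
uint32_t target_size_unchecked(uint32_t frame_size) {
    return frame_size + HEADER_SIZE + FRAME_END_SIZE;
}

/* True when the unchecked arithmetic yields a buffer smaller than the payload,
 * i.e. when copying frame_size bytes would run past the allocation. */
bool would_overflow(uint32_t frame_size) {
    return target_size_unchecked(frame_size) < frame_size;
}

/* Hardened computation: reject any frame_size above INT32_MAX before doing
 * arithmetic. INT32_MAX + HEADER_SIZE + FRAME_END_SIZE fits in a uint32_t, so
 * the addition can no longer wrap. Returns 0 when the frame is rejected. */
uint32_t target_size_checked(uint32_t frame_size) {
    if (frame_size > (uint32_t)INT32_MAX) {
        return 0; /* bad AMQP data: the caller should drop the connection */
    }
    return frame_size + HEADER_SIZE + FRAME_END_SIZE;
}

/* Parse a frame header and return the buffer size to allocate, or 0 if the
 * header must be rejected. */
uint32_t plan_frame_buffer(const uint8_t header[HEADER_SIZE]) {
    uint32_t frame_size = read_be32(header + 3);
    return target_size_checked(frame_size);
}

/* Constructed sample headers (not captured traffic): type 1, channel 0. */
const uint8_t kConstructedHugeHeader[HEADER_SIZE]  = {1, 0, 0, 0xFF, 0xFF, 0xFF, 0xF8};
const uint8_t kConstructedSmallHeader[HEADER_SIZE] = {1, 0, 0, 0x00, 0x00, 0x00, 0x64};

int main(void) {
    uint32_t huge = read_be32(kConstructedHugeHeader + 3);
    printf("frame_size=0x%08X unchecked target_size=%u overflow=%s checked=%u\n",
           huge, target_size_unchecked(huge), would_overflow(huge) ? "yes" : "no",
           plan_frame_buffer(kConstructedHugeHeader));
    uint32_t small = read_be32(kConstructedSmallHeader + 3);
    printf("frame_size=%u unchecked target_size=%u overflow=%s checked=%u\n",
           small, target_size_unchecked(small), would_overflow(small) ? "yes" : "no",
           plan_frame_buffer(kConstructedSmallHeader));
    return 0;
}
```

The check works because the bound is placed on the untrusted input before any arithmetic on it: once frame_size is at most INT32_MAX, the sum with the small header and frame-end constants provably fits in 32 bits, so the allocation is always at least as large as the payload that is later copied into it. A detection-side takeaway is that a size field above INT32_MAX in an AMQP frame header is never legitimate under the default frame_max limits and can be treated as protocol abuse.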
Solutions
freebsd-upgrade-package-rabbitmq-c
freebsd-upgrade-package-rabbitmq-c-devel