CVE-2024-25110

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-25110
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25110.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-25110
Aliases
  • GHSA-c646-4whf-r67v
Downstream
Related
Published
2024-02-12T19:58:36.362Z
Modified
2025-11-20T12:25:42.608260Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Azure IoT Platform Device SDK Remote Code Execution Vulnerability
Details

The UAMQP is a general purpose C library for AMQP 1.0. During a call to opengetoffered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit 30865c9c. There are no known workarounds for this vulnerability.

Database specific 
{
    "cwe_ids": [
        "CWE-94"
    ]
}
References

Affected packages

Git / github.com/azure/azure-uamqp-c

Affected ranges

Type
GIT
Repo
https://github.com/azure/azure-uamqp-c
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
30865c9ccedaa32ddb036e87a8ebb52c3f18f695

Affected versions

1.*

1.0.0-pre-release-1.0.8
1.1.7
1.2.10
1.2.11
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.8
1.2.9

Other

2016-03-03
2016-06-27
2016-08-16
2016-08-26
2016-09-09
2016-10-14
2016-11-17
2017-01-20
2017-01-27
2017-02-10
2017-02-24
2017-04-06
2017-04-07
2017-05-05
2017-06-16
2017-07-14
2017-07-28
2017-08-11
2017-09-08
2017-09-25
2017-10-09
2017-10-20
2017-11-03
2017-11-17
2017-12-14
2018-01-12
2018-01-29
2018-02-09
2018-03-01-temp-pod-1
2018-03-07-temp-pod
2018-04-02
2018-04-04
2018-04-13
2018-06-15
2018-06-26
2018-06-27
2018-07-11
2018-09-11
2018-10-03
2018-11-20
2020-07-19
2020-12-09
LTS_02_2020_Ref01
LTS_07_2022_Ref02

v1.*

v1.2.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-25110-46856f97",
        "target": {
            "file": "src/message.c",
            "function": "message_add_body_amqp_sequence"
        },
        "digest": {
            "function_hash": "158457984311698486482349393535596086273",
            "length": 1035.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-25110-57c28b29",
        "target": {
            "file": "src/message.c",
            "function": "message_clone"
        },
        "digest": {
            "function_hash": "237409506471120523163468099848709436283",
            "length": 4049.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-25110-76b04d35",
        "target": {
            "file": "src/message.c",
            "function": "message_add_body_amqp_data"
        },
        "digest": {
            "function_hash": "238489935780152896927333878974999291821",
            "length": 1726.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-25110-81ec794b",
        "target": {
            "file": "src/message.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "325457012011733953239843125439419727490",
                "294081632543052684894456755687252855598",
                "206399519593523871643722580443503481279",
                "336048612588086496132875925262104996378",
                "15921845211658557806938495252336595199",
                "50039827729055559951544089518522621226",
                "244178928673634879389712315081266197631",
                "155072858732171632696462747069774327551",
                "89761391438884755431924095947736202896",
                "304350604899038067480592051774608165907",
                "327673326650010816540499860775178640081",
                "110782247070774133170039652147806010606",
                "340159247083158304185289335428656994444",
                "24626282345984986385722766916925455193",
                "191786658270818464751177831393699153150",
                "237070572413441473181212909015905087728",
                "213156041087766401877805824317165537772",
                "92295284341004406499219115011048117193",
                "152455910791296672571539147132046754681",
                "40906715934780838014307423565730217401",
                "285240709500804468994679480133560955884",
                "233048512432173453446000022518114482360",
                "10691248825715289945124217785336771628",
                "317309475880812489533701666174781678699",
                "75358603630539952540124267050071170248",
                "316899657553837240479978115110033287043",
                "228519166833932127887979502491357792843",
                "106876808364243971447755750851365182398",
                "255175489116586480931630131772582478146",
                "50235503513637788800413564163637444722",
                "33677259825862322178406168181317537205",
                "83049717447417910388820882488758826325",
                "162807654506492973600031876133276538503",
                "244390895036547757654044719140315312373",
                "307077526229192706213969331621410105977",
                "278174401688750081969053208336150519565",
                "113435288970469190882859516521129710345",
                "117725232571048000656130187234547445328",
                "151172585525450662044559442957796778648",
                "113068151104731746386428526439213764471",
                "339950704759285823483199718781839638654",
                "224764122522287965830576005711135227068",
                "259416583602192655981289806670089691995",
                "59508697531977397260565260173359097138",
                "94958525298568735701065531832449065588",
                "201510276107647747864596476292947947518",
                "340159247083158304185289335428656994444",
                "24626282345984986385722766916925455193",
                "32553347629084537685922136824700766707",
                "117150554197487392350849344101117188339",
                "192891626663376144019261646892995642489",
                "159548083070414520659847242839396024261",
                "185701158478883043867369499047554012343",
                "256062875789358261691016832197809928649",
                "207740523930741393237840690398830939077",
                "70797887671100625363611738468644159817",
                "27482742756476887466858327954453681562",
                "51628674581616747478285647014605817621",
                "171934943893386583878245391267727181349",
                "45756469151566083344220743376491770291",
                "203863253000143974855533582592645113448",
                "159024934847381425715365563491972734634",
                "244390895036547757654044719140315312373",
                "307077526229192706213969331621410105977",
                "278174401688750081969053208336150519565",
                "260968779665391911889746688653455513700",
                "279516564258542560747457856856961452557",
                "98149598642117113085566469509528496734",
                "339034620890952701117485141707911346941",
                "245133811749974661369399414382426937142",
                "335198604350421359601126766504658679639",
                "306373151345500246537294867821727743208",
                "317024237342894619126225890565814036687",
                "43364865129449082322763427443925149058",
                "319846824678130277763252526128686658317",
                "295831072452465002222566475446124663592",
                "174769875487403893293157717329210133906",
                "311055311015585525107487430179117059539",
                "84522616241783022973394127345471340782",
                "256852680461287759003191580808964834579",
                "81761225694438238982791302332792056534",
                "123219927557557110098123904725314021070",
                "52399888342241565346649838080758370931",
                "177146179976998219775432941711238703481",
                "261170481480005001483175644969618610626",
                "120213386152896679044596145666054953395",
                "13802595517866962800886978905585795490",
                "2824661109379391028306739970431988294",
                "3273063288587212015000365071851012543",
                "218126917610037445245082781732643390448",
                "88754824377430924446027630455344392996",
                "189167696825297332122388415051494419603",
                "319846824678130277763252526128686658317",
                "313938298222701622257153662576078754678",
                "123602796373858304165394599115439070574",
                "229926772932812088063986360996061759936",
                "286938164555254993027009828640285885072",
                "180151375228441753534416090000856837183",
                "37972761876558925653834438707479554693",
                "259542367791204670446770824380182934919",
                "108587633537507210242609878158511307392",
                "99095285102937629949625351172585136558",
                "335983243072085395441404091762202752865",
                "278340648981528437587898696200765576762",
                "29607779800056197572310268312721761753",
                "163706870671135313658426803409353492191",
                "123214065914650123079115717822763784950",
                "176329801603680511764902122981208568730",
                "319846824678130277763252526128686658317",
                "292977171599052828050920772854714661387",
                "213162425655698733864180474615320363076",
                "51029471064119340623574644466105319695",
                "202516994853314817086598778336964742245",
                "72481974887288837456567985656959724868",
                "264246721603375745096836682223171486092",
                "114780674753527803530531923745035776057",
                "268209444406537249793483704333000369972",
                "319846824678130277763252526128686658317",
                "89671208052137601658838106205429143082",
                "78429588535589264694674052666683735239",
                "143306618606609383524993088273997711330",
                "98204645091303353329222288433637015245",
                "259542367791204670446770824380182934919"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695",
        "signature_version": "v1"
    }
]