Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Azure IoT Platform Device SDK Remote Code Execution Vulnerability
Vulnerability Description
The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
UAMQP 安全漏洞
Vulnerability Description
UAMQP是AMQP 的通用 C 库。 UAMQP 2023-12-01之前版本存在安全漏洞,该漏洞源于调用open_get_offered_cabilities期间存在释放后重用漏洞。攻击者可利用该漏洞执行远程代码。
CVSS Information
N/A
Vulnerability Type
N/A