CVE-2012-4460

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.

🔗 References (8)

• secalert@redhathttp://svn.apache.org/viewvc?view=revision&revision=1453031
• secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=861242
• secalert@redhathttps://issues.apache.org/jira/browse/QPID-4629
• secalert@redhathttps://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID
• af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc?view=revision&revision=1453031
• af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=861242
• af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/QPID-4629
• af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID