プラットフォーム
c
コンポーネント
azure-uamqp-c
修正版
2024.0.1
CVE-2024-25110 describes a critical Remote Code Execution (RCE) vulnerability discovered in the Azure UAMQP C Library. This vulnerability stems from a use-after-free condition triggered by a memory allocation failure within the opengetoffered_capabilities function. The issue can be exploited during connection communication, potentially allowing an attacker to execute arbitrary code. Affected versions include those prior to or equal to 2024-01-01; upgrading to submodule commit 30865c9c resolves the vulnerability.
Successful exploitation of CVE-2024-25110 allows a remote attacker to execute arbitrary code on the system running the Azure UAMQP C Library. This could lead to complete system compromise, including data theft, modification, or destruction. The use-after-free nature of the vulnerability suggests a high degree of exploitability, potentially enabling attackers to bypass security controls and gain persistent access. Given the library's role in AMQP communication, this vulnerability could affect applications relying on this protocol for secure messaging, potentially impacting data integrity and confidentiality. The blast radius extends to any service utilizing the vulnerable library, making it a significant risk.
CVE-2024-25110 was publicly disclosed on February 12, 2024. Its CRITICAL CVSS score (9.8) indicates a high probability of exploitation. As of this writing, there are no known public exploits or active campaigns targeting this vulnerability. It is not currently listed on the CISA KEV catalog. The use-after-free nature of the vulnerability makes it a prime target for exploitation, and security teams should prioritize patching.
Applications and services relying on the Azure UAMQP C Library for AMQP 1.0 communication are at risk. This includes systems handling sensitive data transmitted over AMQP, as well as those integrated with Azure services that utilize the library. Organizations with legacy systems or those using older versions of the library are particularly vulnerable.
• linux / server:
find / -name 'uamqp.so' -print0 | xargs -0 grep -i 'open_get_offered_capabilities'• c:
Inspect the codebase for instances of opengetoffered_capabilities and review memory allocation/deallocation patterns around its usage.
• generic web:
Monitor AMQP traffic for unusual patterns or errors that might indicate exploitation attempts.
disclosure
エクスプロイト状況
EPSS
0.74% (73% パーセンタイル)
CVSS ベクトル
The primary mitigation for CVE-2024-25110 is to immediately upgrade the Azure UAMQP C Library submodule to commit 30865c9c. Due to the nature of the vulnerability (use-after-free), there are no known workarounds beyond upgrading. Rolling back to a previous version is not recommended as it reintroduces the vulnerability. Consider implementing network segmentation to limit the potential impact of a successful exploit. Monitor system logs for any unusual activity related to AMQP connections, specifically focusing on errors or crashes within the UAMQP library. After upgrading, confirm the fix by attempting to trigger the opengetoffered_capabilities function and verifying that no memory errors or crashes occur.
azure-uamqp-cサブモジュールをcommit `30865c9c`またはそれ以降のバージョンにアップデートしてください。これにより、use-after-freeの脆弱性が修正されます。詳細については、GitHubのセキュリティアドバイザリを参照してください。
脆弱性分析と重要アラートをメールでお届けします。
CVE-2024-25110 is a critical Remote Code Execution vulnerability in the Azure UAMQP C Library, affecting versions up to 2024-01-01. A memory allocation failure leads to a use-after-free, enabling remote code execution during AMQP communication.
You are affected if you are using the Azure UAMQP C Library version 2024-01-01 or earlier. Check your dependencies and upgrade immediately.
Upgrade the Azure UAMQP C Library submodule to commit 30865c9c. There are no known workarounds.
As of now, there are no confirmed reports of active exploitation, but the CRITICAL severity and use-after-free nature suggest a high potential for exploitation.
Refer to the official Azure Security Update Guide for details and updates: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-25110](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-25110)