CVE-2024-25110

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 12, 2024

CWE ID 94

Summary

CVE-2024-25110 is a memory vulnerability affecting the UAMQP C library for Advanced Message Queuing Protocol (AMQP) 1.0. During the execution of the open_get_offered_capabilities function, a memory allocation may fail, leading to a use-after-free issue. If this occurs during connection communication, it can result in remote code execution. Impacted users are urged to update the submodule with commit `30865c9c`. Currently, there are no known workarounds to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uaLx0Q
https://www.cve.org/CVERecord?id=CVE-2024-25110
https://nvd.nist.gov/vuln/detail/CVE-2024-25110

Back to Vulnerability Database

CVE-2024-25110

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations