{"id":"CVE-2019-18609","details":"An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.","modified":"2026-04-11T12:42:32.839504Z","published":"2019-12-01T22:15:10.897Z","related":["ALSA-2020:4445","openSUSE-SU-2024:11293-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA7CPNVYMF6OQNIYNLWUY6U2GTKFOKH3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQER6XTKYMHNQR7QTHW7DJAH645WQROU/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00004.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4214-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4214-2/"},{"type":"ADVISORY","url":"https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-07"},{"type":"REPORT","url":"https://news.ycombinator.com/item?id=21681976"},{"type":"FIX","url":"https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/alanxz/rabbitmq-c","events":[{"introduced":"0"},{"fixed":"ffe918a5fcef72038a88054dca3c56762b1953d4"},{"fixed":"fc85be7123050b91b054e45b91c78d3241a5047a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.10.0"}]}}],"versions":["0.2","librabbitmq-0.1-amqp_0_8","rabbitmq-c-v0.3.0","v0.1","v0.2","v0.3.0","v0.4.0","v0.4.0-test","v0.5.0","v0.5.1","v0.5.2","v0.6.0","v0.7.0","v0.7.1","v0.8.0","v0.9.0-master"],"database_specific":{"vanir_signatures_modified":"2026-04-11T12:42:32Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"vanir_signatures":[{"deprecated":false,"id":"CVE-2019-18609-10f09550","digest":{"threshold":0.9,"line_hashes":["243814341639543304421666209824618441313","183455278906321621184992196995879566177","182357040532403947509468435054005069746","225885130475099735426407665019057949072","236275910161916524206322804826057425579","44673271485574882728132486074926918671"]},"target":{"file":"librabbitmq/amqp_connection.c"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a"},{"deprecated":false,"id":"CVE-2019-18609-2c47032f","digest":{"function_hash":"238469019489558242787949093743451899054","length":3589},"target":{"function":"amqp_handle_input","file":"librabbitmq/amqp_connection.c"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18609.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}