{"id":"CVE-2024-27099","summary":"Azure IoT Platform Device SDK Double Free Vulnerability","details":"The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.","aliases":["GHSA-6rh4-fj44-v4jj"],"modified":"2026-04-10T05:11:09.694046Z","published":"2024-02-27T18:58:26.274Z","related":["SUSE-SU-2024:0947-1","openSUSE-SU-2024:13729-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27099.json","cwe_ids":["CWE-415"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27099.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27099"},{"type":"FIX","url":"https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/azure/azure-uamqp-c","events":[{"introduced":"0"},{"fixed":"2ca42b6e4e098af2d17e487814a91d05f6ae4987"}]},{"type":"GIT","repo":"https://github.com/azure/azure-uamqp-c","events":[{"introduced":"0"},{"fixed":"2ca42b6e4e098af2d17e487814a91d05f6ae4987"}]}],"versions":["1.0.0-pre-release-1.0.8","1.1.7","1.2.10","1.2.11","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.8","1.2.9","2016-03-03","2016-08-16","2016-09-09","2016-11-17","2017-04-06","2017-04-07","2017-05-05","2017-07-14","2017-08-11","2017-09-08","2017-09-25","2017-10-09","2017-10-20","2017-11-03","2017-11-17","2017-12-14","2018-01-12","2018-01-29","2018-03-01-temp-pod-1","2018-03-07-temp-pod","2018-04-02","2018-04-04","2018-04-13","2018-06-15","2018-06-26","2018-06-27","2018-07-11","2018-09-11","2018-10-03","2018-11-20","2020-07-19","2020-12-09","LTS_02_2020_Ref01","LTS_07_2022_Ref02","v1.2.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2023-2-08"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27099.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}