{"id":"UBUNTU-CVE-2012-4458","details":"The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.","modified":"2025-10-24T04:44:57Z","published":"2013-03-14T03:10:00Z","upstream":["CVE-2012-4458"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-4458"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2013-0561.html"},{"type":"REPORT","url":"https://issues.apache.org/jira/browse/QPID-4629"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2012-4458"}],"affected":[{"package":{"name":"qpid-cpp","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/qpid-cpp@0.16-9ubuntu2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.16-9build1","0.16-9ubuntu1","0.16-9ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.16-9ubuntu2","binary_name":"libqmf-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqmf1"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqmf2-1"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqmf2-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqmfconsole2"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqmfconsole2-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqmfengine1"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqmfengine1-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpid-perl"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpid-ruby1.8"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidbroker2"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidbroker2-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidclient2"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidclient2-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidcommon2"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidcommon2-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidmessaging2"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidmessaging2-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidtypes1"},{"binary_version":"0.16-9ubuntu2","binary_name":"libqpidtypes1-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"librdmawrap2"},{"binary_version":"0.16-9ubuntu2","binary_name":"librdmawrap2-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"libsslcommon2"},{"binary_version":"0.16-9ubuntu2","binary_name":"libsslcommon2-dev"},{"binary_version":"0.16-9ubuntu2","binary_name":"python-cqmf2"},{"binary_version":"0.16-9ubuntu2","binary_name":"python-cqpid"},{"binary_version":"0.16-9ubuntu2","binary_name":"python-qmf"},{"binary_version":"0.16-9ubuntu2","binary_name":"python-qmf2"},{"binary_version":"0.16-9ubuntu2","binary_name":"qmfgen"},{"binary_version":"0.16-9ubuntu2","binary_name":"qpid-client"},{"binary_version":"0.16-9ubuntu2","binary_name":"qpidd"},{"binary_version":"0.16-9ubuntu2","binary_name":"ruby-qpid"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-4458.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}