rpm package
almalinux/librabbitmq-devel
pkg:rpm/almalinux/librabbitmq-devel
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-35789 | — | < 0.11.0-7.el9 | 0.11.0-7.el9 | Jun 16, 2023 | An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. | ||
| CVE-2019-18609 | — | < 0.9.0-2.el8 | 0.9.0-2.el8 | Dec 1, 2019 | An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target |
- CVE-2023-35789Jun 16, 2023affected < 0.11.0-7.el9fixed 0.11.0-7.el9
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.
- CVE-2019-18609Dec 1, 2019affected < 0.9.0-2.el8fixed 0.9.0-2.el8
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target