Impact
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices if the preferred protocol to the hub service is the AMQP protocol. These devices could be embedded devices (running an embedded OS such as FreeRTOS or Azure RTOS), as well as Linux and Windows based devices.
The vulnerability results from a situation where the uAMQP library attempts to free the same memory location twice while processing an incorrect “AMQP_VALUE” failed state which may lead to possible RCE. This may occur when a memory allocation has failed (usually due to a low memory event) or an AMQP protocol violation.
Requirements for RCE:
- Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service
- Low memory device condition triggering failed memory allocation
- Ability to overwrite code space with remote code.
Patches
Update submodule with commit 12ddb3a
Workarounds
None
474172261 Analyst
Impact
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices if the preferred protocol to the hub service is the AMQP protocol. These devices could be embedded devices (running an embedded OS such as FreeRTOS or Azure RTOS), as well as Linux and Windows based devices.
The vulnerability results from a situation where the uAMQP library attempts to free the same memory location twice while processing an incorrect “AMQP_VALUE” failed state which may lead to possible RCE. This may occur when a memory allocation has failed (usually due to a low memory event) or an AMQP protocol violation.
Requirements for RCE:
Patches
Update submodule with commit 12ddb3a
Workarounds
None