Impact
uAMQP is a C library for AMQP 1.0 communication with Azure Cloud Services. The Azure IoT C SDK may use this library for communication between IoT Hub and IoT Hub devices when AMQP is the preferred protocol to the hub service.
The vulnerability is an integer overflow in uAMQP that occurs while decoding an "AMQP_VALUE" whose payload length is near the maximum memory size of the system, which may lead to RCE.
Requirements for RCE:
- Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service
- Bypassing the IoT Hub service maximum message payload limit of 128KB.
- Ability to overwrite code space with remote code
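The class of check that guards against this kind of overflow, as an added example that is not uAMQP's code or the content of the patch: a declared length is validated against a cap, against the bytes actually received, and against wrap-around before it is used to size an allocation. The frame layout (4-byte big-endian length, then payload), the `+ 1` terminator, and all function names are assumptions made for illustration; the 128 KB cap reuses the IoT Hub limit quoted above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked form, for comparison: when len == SIZE_MAX the sum wraps to 0,
   so the allocation is far smaller than the length later used for the copy. */
static size_t unchecked_alloc_size(size_t len) { return len + 1; }

/* Checked form: returns 0 and stores len + 1 in *out, or -1 if it would wrap. */
static int checked_alloc_size(size_t len, size_t *out)
{
    if (len > SIZE_MAX - 1) return -1;
    *out = len + 1;
    return 0;
}

/* Hypothetical decoder (not uAMQP's API) for a constructed frame layout:
   4-byte big-endian length, then payload. Returns a NUL-terminated copy that
   the caller frees, or NULL if the frame is rejected. */
static char *decode_value(const uint8_t *buf, size_t buf_len, size_t max_len)
{
    size_t len, need;
    char *out;
    if (buf == NULL || buf_len < 4) return NULL;
    len = ((size_t)buf[0] << 24) | ((size_t)buf[1] << 16) |
          ((size_t)buf[2] << 8) | (size_t)buf[3];
    if (len > max_len) return NULL;          /* policy cap on declared size */
    if (len > buf_len - 4) return NULL;      /* claims more than was received */
    if (checked_alloc_size(len, &need) != 0) return NULL;
    out = malloc(need);
    if (out == NULL) return NULL;
    memcpy(out, buf + 4, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    const uint8_t ok[] = { 0, 0, 0, 3, 'a', 'b', 'c' };      /* constructed */
    const uint8_t bad[] = { 0xFF, 0xFF, 0xFF, 0xFF, 'a' };   /* constructed */
    char *v = decode_value(ok, sizeof ok, 128 * 1024);
    printf("ok frame  -> %s\n", v ? v : "(rejected)");
    free(v);
    v = decode_value(bad, sizeof bad, 128 * 1024);
    printf("bad frame -> %s\n", v ? v : "(rejected)");
    free(v);
    return 0;
}
```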
Patches
Update submodule with commit 30865c9
Workarounds
None