{"id":"CVE-2024-27099","summary":"Azure IoT Platform Device SDK Double Free Vulnerability","details":"The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.","aliases":["GHSA-6rh4-fj44-v4jj"],"modified":"2026-05-23T23:11:07.830443Z","published":"2024-02-27T18:58:26.274Z","related":["SUSE-SU-2024:0947-1","openSUSE-SU-2024:13729-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27099.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"2023-2-08"}]}],"cwe_ids":["CWE-415"]},"references":[{"type":"ADVISORY","url":"https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27099.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27099"},{"type":"FIX","url":"https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/azure/azure-uamqp-c","events":[{"introduced":"0"},{"fixed":"2ca42b6e4e098af2d17e487814a91d05f6ae4987"}],"database_specific":{"source":"REFERENCES"}}],"versions":["LTS_07_2022_Ref02","2020-12-09","LTS_02_2020_Ref01","2020-07-19","2018-11-20","1.2.11","2018-10-03","1.2.10","2018-09-11","1.2.9","2018-07-11","1.2.8","2018-06-27","1.1.7","2018-06-26","1.2.6","2018-06-15","1.2.5","2018-04-04","1.2.4","2018-04-13","1.2.3","2018-04-02","1.2.2","1.0.0-pre-release-1.0.8","v1.2.0","2018-03-07-temp-pod","2018-03-01-temp-pod-1","2018-01-29","2018-01-12","2017-12-14","2017-11-17","2017-11-03","2017-10-20","2017-10-09","2017-09-25","2017-09-08","2017-08-11","2017-07-14","2017-05-05","2017-04-07","2017-04-06","2016-11-17","2016-09-09","2016-08-16","2016-03-03"],"database_specific":{"vanir_signatures":[{"target":{"function":"link_frame_received","file":"src/link.c"},"id":"CVE-2024-27099-6099aebe","deprecated":false,"digest":{"length":6095,"function_hash":"244662739316117236140791295392823602087"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987"},{"target":{"file":"src/link.c"},"id":"CVE-2024-27099-9e2db29f","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["108587633537507210242609878158511307392","160452673510098083035489543941216834770","112205478071487406712030953259419779646","119485482305993897163478625563792846654","45488740952744200082612943561926706776"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987"}],"vanir_signatures_modified":"2026-05-23T23:11:07Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27099.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}