Published: 25/10/2023 Updated: 14/12/2023

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 0

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware rabbitmq

Debian Bug report logs - #1056723 rabbitmq-server: CVE-2023-46118 Package: src:rabbitmq-server; Maintainer for src:rabbitmq-server is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 25 Nov 2023 12:45:01 UTC Severity: important Tags: security, upst ...

It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service For the oldstable distribution (bullseye), this problem has been fixed in version 389-3+deb11u1 For the stable distribution (bookworm), this problem has been fixed in version 3108-11+ ...

CWE-400 https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg https://www.debian.org/security/2023/dsa-5571 https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056723 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5571

CVE-2023-46118

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect