BIT-rabbitmq-2023-46118

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/rabbitmq/BIT-rabbitmq-2023-46118.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-rabbitmq-2023-46118

Aliases

CVE-2023-46118
GHSA-w6cq-9cf4-gqpg

Published

2024-03-06T11:03:02.882Z

Modified

2024-09-11T05:11:56.805576Z

Summary

[none]

Details

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

References

Affected packages

Bitnami / rabbitmq

Package

Name: rabbitmq
Purl: pkg:bitnami/rabbitmq

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.24

Introduced

3.12.0

Fixed

3.12.7