CVE-2023-46118

CVSS V2 None CVSS V3 None

Description

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Overview

CVE ID
CVE-2023-46118

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-10-24T23:27:06.952Z

Last Modified Date
2023-10-24T23:27:06.952Z

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

References

Reference URL	Reference Tags
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg	x_refsource_CONFIRM
https://www.debian.org/security/2023/dsa-5571
https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-46118
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46118

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 22:31:04				Added to TrackCVE