Description
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-3687-1 | rabbitmq-server security update |
Debian DSA |
DSA-5571-1 | rabbitmq-server security update |
EUVD |
EUVD-2023-50377 | RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7. |
Github GHSA |
GHSA-w6cq-9cf4-gqpg | RabbitMQ vulnerable to Denial of Service by publishing large messages over the HTTP API |
Ubuntu USN |
USN-6501-1 | RabbitMQ vulnerability |
References
History
No history.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-02-13T17:14:16.640Z
Reserved: 2023-10-16T17:51:35.571Z
Link: CVE-2023-46118
No data.
Status : Modified
Published: 2023-10-25T18:17:36.117
Modified: 2026-06-17T06:30:11.217
Link: CVE-2023-46118
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-400
Uncontrolled Resource Consumption
Debian DLA
Debian DSA
EUVD
Github GHSA
Ubuntu USN