RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-24T23:27:06.952Z
Updated: 2024-08-02T20:37:39.445Z
Reserved: 2023-10-16T17:51:35.571Z
Link: CVE-2023-46118
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-10-25T18:17:36.117
Modified: 2024-11-21T08:27:54.927
Link: CVE-2023-46118
Redhat