RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-24T23:27:06.952Z
Updated: 2023-10-24T23:27:06.952Z
Reserved: 2023-10-16T17:51:35.571Z
Link: CVE-2023-46118
JSON object: View
NVD Information
Status : Modified
Published: 2023-10-25T18:17:36.117
Modified: 2023-12-14T01:15:08.103
Link: CVE-2023-46118
JSON object: View
Redhat Information
No data.
CWE