CVE-2023-46118 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-46118 PUBLISHED

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

EPSS 0.28% · 50.9th percentile

Risk Scores

EPSS Score

0.28%

50.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	rabbitmq	0, 3.12.0
Bitnami	rabbitmq	0, 3.12.0

Timeline

Oct 23, 2023 CVE Published
Oct 25, 2023 EPSS Score
Nov 24, 2023 EPSS Score
Dec 25, 2023 EPSS Score
Jan 24, 2024 EPSS Score
Mar 25, 2024 EPSS Score
Apr 24, 2024 EPSS Score
May 25, 2024 EPSS Score
Jun 24, 2024 EPSS Score
Jul 24, 2024 EPSS Score
Aug 24, 2024 EPSS Score
Sep 23, 2024 EPSS Score

References

Open in Interactive Console →