DEBIAN-CVE-2023-46118
PUBLISHED
CVSS 4.9 MEDIUM
RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API and cause the target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
Risk Scores
CVSS v3.1
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | rabbitmq-server | 0, 0, 0 |
| Debian:12 | rabbitmq-server | 3.10.8-1.1, 0, 3.10.8-1.1 |
| Debian:13 | rabbitmq-server | 0, 0, 0 |
| Debian:11 | rabbitmq-server | 0, 0, 3.8.9-3 |
Timeline
- Oct 25, 2023 CVE Published
- Apr 28, 2026 CVE Updated