Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-46118

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Related bugs and status

CVE-2023-46118 (Candidate) is related to these bugs:

Bug #2045522: [Debian] High CVE: CVE-2023-46118 rabbitmq-server - denial of service (DoS) attacks

Summary				In	Importance	Status
	2045522	[Debian] High CVE: CVE-2023-46118 rabbitmq-server - denial of service (DoS) attacks		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/rab...
DEBIAN: DSA-5571
MLIST: [debian-lts-announce] ...