Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46120

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

Published

2023-10-25T18:17:36.257

Last Modified

2024-11-21T08:27:55.207

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	rabbitmq_java_client	< 5.18.0	Yes

References

https://github.com/rabbitmq/rabbitmq-java-client/commit/714aae602dcae6cb4b53cadf009323ebac313cc8 Patch ([email protected])
https://github.com/rabbitmq/rabbitmq-java-client/issues/1062 Issue Tracking, Patch ([email protected])
https://github.com/rabbitmq/rabbitmq-java-client/releases/tag/v5.18.0 Release Notes ([email protected])
https://github.com/rabbitmq/rabbitmq-java-client/security/advisories/GHSA-mm8h-8587-p46h Exploit, Vendor Advisory ([email protected])
https://github.com/rabbitmq/rabbitmq-java-client/commit/714aae602dcae6cb4b53cadf009323ebac313cc8 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rabbitmq/rabbitmq-java-client/issues/1062 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rabbitmq/rabbitmq-java-client/releases/tag/v5.18.0 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rabbitmq/rabbitmq-java-client/security/advisories/GHSA-mm8h-8587-p46h Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)