[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2023-46118Date: (C)2023-10-26   (M)2024-01-23


RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 4.9CVSS Score :
Exploit Score: 1.2Exploit Score:
Impact Score: 3.6Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: HIGHAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: NONEAvailability:
Integrity: NONE 
Availability: HIGH 
  
Reference:
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg
https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html
https://www.debian.org/security/2023/dsa-5571

CWE    1
CWE-400
OVAL    6
oval:org.secpod.oval:def:96519
oval:org.secpod.oval:def:96531
oval:org.secpod.oval:def:612835
oval:org.secpod.oval:def:708604
...

© SecPod Technologies