Vulnerability Description
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Rabbitmq | < 3.8.16 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2021/07/msg00011.htmlMailing ListThird Party Advisory
- https://tanzu.vmware.com/security/cve-2021-22116Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2021/07/msg00011.htmlMailing ListThird Party Advisory
- https://tanzu.vmware.com/security/cve-2021-22116Vendor Advisory
FAQ
What is CVE-2021-22116?
CVE-2021-22116 is a vulnerability with a CVSS score of 7.5 (HIGH). RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerabi...
How severe is CVE-2021-22116?
CVE-2021-22116 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22116?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Rabbitmq, Debian Debian Linux.