Vulnerability Description
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLength` was not enforced when receiving Message objects, so an attacker could send a very large Message that causes unbounded memory growth and triggers an OOM error. Consumers built on the RabbitMQ Java client are therefore exposed to a denial-of-service attack that ultimately exhausts the consuming process's memory. This vulnerability was patched in version 5.18.0.
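The receive-side check this advisory describes as missing, as an added Python model rather than the Java client's own code: an assembler that compares the body size declared in the AMQP 0-9-1 content header (class-id, weight, 64-bit body-size) against a `max_body_length` before buffering any body frames, so an oversized declaration is refused instead of being allocated and exhausting the consumer's heap. The frame payloads and the `receive` driver are constructed here for illustration; in the patched 5.18.0 client the equivalent limit is set through `ConnectionFactory#setMaxInboundMessageBodySize`, a name taken from the client's release notes rather than from this page.

```python
import struct

# AMQP 0-9-1 content-header payload: class-id (uint16), weight (uint16),
# body-size (uint64), then property flags and the property list.
HEADER_PREFIX = struct.Struct(">HHQ")

class BodyTooLargeError(ValueError):
    """Raised before any body bytes are buffered for an over-limit message."""

class BoundedCommandAssembler:
    """Receive-side assembler enforcing max_body_length, the check the advisory
    says the Java client lacked before 5.18.0 (model code, not the client's)."""

    def __init__(self, max_body_length):
        self.max_body_length = max_body_length
        self.expected = None  # body size declared by the current header
        self.received, self.chunks = 0, []

    def on_content_header(self, payload):
        _class_id, _weight, body_size = HEADER_PREFIX.unpack_from(payload)
        # The missing check: refuse the declared size before buffering anything.
        if body_size > self.max_body_length:
            raise BodyTooLargeError(f"declared {body_size} > limit {self.max_body_length}")
        self.expected, self.received, self.chunks = body_size, 0, []

    def on_body_frame(self, payload):
        # Also bound the bytes actually received, so body frames cannot overrun the
        # declared size; returns the complete body once all of it has arrived.
        self.received += len(payload)
        if self.expected is None or self.received > self.expected:
            raise BodyTooLargeError("body frames exceed the declared body size")
        self.chunks.append(payload)
        return b"".join(self.chunks) if self.received == self.expected else None

def build_content_header(body_size, class_id=60, weight=0):
    """Constructed header payload for the basic class with no properties set."""
    return HEADER_PREFIX.pack(class_id, weight, body_size) + b"\x00\x00"

def receive(max_body_length, declared_size, body_frames):
    """Run one constructed message through the assembler: its body, or None if rejected."""
    assembler = BoundedCommandAssembler(max_body_length)
    try:
        assembler.on_content_header(build_content_header(declared_size))
        body = None
        for frame in body_frames:
            body = assembler.on_body_frame(frame)
        return body
    except BodyTooLargeError:
        return None
```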
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Rabbitmq Java Client | < 5.18.0 |
Related Weaknesses (CWE)
References
- https://github.com/rabbitmq/rabbitmq-java-client/commit/714aae602dcae6cb4b53cadf (Patch)
- https://github.com/rabbitmq/rabbitmq-java-client/issues/1062 (Issue Tracking, Patch)
- https://github.com/rabbitmq/rabbitmq-java-client/releases/tag/v5.18.0 (Release Notes)
- https://github.com/rabbitmq/rabbitmq-java-client/security/advisories/GHSA-mm8h-8 (Exploit, Vendor Advisory)
FAQ
What is CVE-2023-46120?
CVE-2023-46120 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLength` was not used when receiving Message objects. Attackers could se...
How severe is CVE-2023-46120?
CVE-2023-46120 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-46120?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Rabbitmq Java Client.