CVE-2023-46118

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.9 / 10

Vulnerability Description

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Vulnerability Details

Published Date

June 30, 2026

Last Modified

June 30, 2026

Source

GitHub

Vendor

erlang

Product

rabbit_common

External References

https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg
https://nvd.nist.gov/vuln/detail/CVE-2023-46118
https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html
https://www.debian.org/security/2023/dsa-5571
https://github.com/advisories/GHSA-w6cq-9cf4-gqpg

CVE-2023-46118

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment