[Debian] High CVE: CVE-2023-46118 rabbitmq-server - denial of service (DoS) attacks
Bug #2045522 reported by
Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Zhixiong Chi |
Bug Description
CVE-2023-46118: https:/
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
Base Score: High
Reference:
rabbitmq-
https:/
https:/
CVE References
Changed in starlingx: | |
assignee: | nobody → Zhixiong Chi (zhixiongchi) |
status: | Triaged → In Progress |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /upstream/ +/902738
Review: https:/