First published: Tue Oct 24 2023 (Updated: )
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. Before version 5.18.0, the client's `maxBodyLength` limit was not applied when receiving Message objects: the declared body size of an incoming message was trusted, so an attacker who can publish messages that the client consumes could send a very large message and the client would keep buffering the body until the JVM heap was exhausted, triggering an OutOfMemoryError. The result is a denial of service against the consuming application (not the broker), which ultimately runs out of memory. This vulnerability was patched in version 5.18.0.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware RabbitMQ Java Client | <5.18.0 | Upgrade to 5.18.0 |
maven/com.rabbitmq:amqp-client | <5.18.0 | Upgrade to 5.18.0 |
The vulnerability ID is CVE-2023-46120.
The summary of CVE-2023-46120 is that the `maxBodyLength` limit was not applied when receiving Message objects, so an attacker could send a message with a very large body; the client would try to buffer the whole body, exhausting the heap and triggering an Out-of-Memory (OOM) error.
The severity score of CVE-2023-46120 is 4.9 (medium severity).
The CVE-2023-46120 vulnerability can be exploited by an attacker who can publish a message that a vulnerable client consumes: a message whose declared body is large enough exhausts the consumer's heap and triggers an Out-of-Memory (OOM) error, crashing or stalling the consuming application.
The affected software for CVE-2023-46120 is the RabbitMQ Java client (`com.rabbitmq:amqp-client`) in versions before 5.18.0, not the RabbitMQ server itself.
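To make the mechanism concrete, the following is an added example written for this page; it is not code from the RabbitMQ Java client or from the advisory. It models an AMQP 0-9-1 consumer reassembling a message from a content header frame (which declares the body size) and the body frames that follow, first with no cap (the pre-5.18.0 behaviour) and then with a cap checked against the declared size before anything is buffered. It also shows why the negotiated `frame_max` does not help: it bounds each frame, not the total body. The 128 KiB `frame_max`, the 64 MiB cap, the in-memory frame stream and the hostile "1 TiB body" message are all constructed here for illustration.

```python
"""Toy AMQP 0-9-1 content assembler: unbounded (vulnerable) vs. capped body size.

Added example for CVE-2023-46120; not code from the RabbitMQ Java client.
Frames are built in memory so the example runs offline.
"""
import struct

FRAME_HEADER = 2      # content header frame type (AMQP 0-9-1)
FRAME_BODY = 3        # content body frame type
FRAME_END = 0xCE      # every frame ends with this octet
CLASS_BASIC = 60      # class-id of the "basic" class
FRAME_MAX = 131072    # assumed negotiated frame_max (128 KiB) for the demo


class BodyTooLarge(Exception):
    """Raised when a content header declares a body larger than the consumer's cap."""


def content_header_frame(channel: int, body_size: int) -> bytes:
    """Build a basic content header: class-id, weight, body-size, property flags."""
    payload = struct.pack(">HHQH", CLASS_BASIC, 0, body_size, 0)
    return struct.pack(">BHI", FRAME_HEADER, channel, len(payload)) + payload + bytes([FRAME_END])


def body_frame(channel: int, chunk: bytes) -> bytes:
    """Build one content body frame; each frame must fit within frame_max."""
    if len(chunk) > FRAME_MAX:
        raise ValueError("chunk exceeds frame_max")
    return struct.pack(">BHI", FRAME_BODY, channel, len(chunk)) + chunk + bytes([FRAME_END])


def iter_frames(stream: bytes):
    """Yield (type, channel, payload) for each frame in a byte stream."""
    off = 0
    while off < len(stream):
        ftype, channel, size = struct.unpack_from(">BHI", stream, off)
        off += 7
        payload = stream[off:off + size]
        off += size
        if off >= len(stream) or stream[off] != FRAME_END:
            raise ValueError("missing frame-end octet")
        off += 1
        yield ftype, channel, payload


class ContentAssembler:
    """Reassembles a message body from a header frame plus body frames.

    max_body_size=None models the pre-5.18.0 behaviour: the declared size is
    trusted and bytes are buffered until it is reached, however large it is.
    """

    def __init__(self, max_body_size=None):
        self.max_body_size = max_body_size
        self.expected = None          # declared body size of the message in progress
        self.buf = bytearray()        # body bytes received so far

    def feed(self, ftype: int, payload: bytes):
        if ftype == FRAME_HEADER:
            _cls, _weight, body_size, _flags = struct.unpack_from(">HHQH", payload)
            # The fix: reject on the declared size, before buffering anything.
            if self.max_body_size is not None and body_size > self.max_body_size:
                raise BodyTooLarge(f"declared body {body_size} > cap {self.max_body_size}")
            self.expected = body_size
            self.buf = bytearray()
            return None
        if ftype == FRAME_BODY:
            if self.expected is None:
                raise ValueError("body frame without content header")
            self.buf += payload       # grows with attacker-supplied data, one frame at a time
            if len(self.buf) > self.expected:
                raise ValueError("body exceeds declared size")
            if len(self.buf) == self.expected:
                message, self.buf, self.expected = bytes(self.buf), bytearray(), None
                return message
            return None
        raise ValueError(f"unexpected frame type {ftype}")


def consume(stream: bytes, max_body_size=None):
    """Feed a frame stream to one assembler; return (delivered messages, bytes still buffered)."""
    asm = ContentAssembler(max_body_size)
    delivered = []
    for ftype, _channel, payload in iter_frames(stream):
        message = asm.feed(ftype, payload)
        if message is not None:
            delivered.append(message)
    return delivered, len(asm.buf)


# Constructed inputs: a normal 5-byte message, and a hostile one declaring a 1 TiB
# body followed by the first three frame_max-sized chunks of the flood.
NORMAL_STREAM = content_header_frame(1, 5) + body_frame(1, b"hello")
HOSTILE_STREAM = content_header_frame(1, 1 << 40) + b"".join(
    body_frame(1, b"A" * FRAME_MAX) for _ in range(3)
)

if __name__ == "__main__":
    print(consume(NORMAL_STREAM))                  # ([b'hello'], 0)
    print(consume(HOSTILE_STREAM))                 # ([], 393216): still buffering, no end in sight
    try:
        consume(HOSTILE_STREAM, max_body_size=64 * 1024 * 1024)
    except BodyTooLarge as exc:
        print("rejected:", exc)
```

The uncapped assembler accepts every body frame the attacker sends because each one is individually within `frame_max`; only the declared body size, checked at the header, bounds the total allocation. The 5.18.0 fix in the Java client exposes that bound as a configurable limit on `ConnectionFactory` (to my knowledge `setMaxInboundMessageBodySize`, defaulting to 64 MiB; verify the exact name and default against the javadoc of the version you run) and, as the advisory notes, a broker-side `max_message_size` is a useful second layer but does not protect a consumer from a malicious or misconfigured broker.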