CVE-2023-46118 Denial of Service by publishing large messages over the HTTP API

🗓️ 24 Oct 2023 23:27:06Reported by GitHub_MType

CVE-2023-46118 DoS vulnerability in RabbitMQ HTTP AP

Reporter	Title	Published	Views	Family All 54
IBM Security Bulletins	Security Bulletin: RabbitMQ HTTP API Vulnerability Allows Authenticated DoS via Large Message Payloads	27 Jun 202505:29	–	ibm
AstraLinux	Astra Linux – Vulnerability in rabbitMQ-server	3 May 202623:59	–	astralinux
Tenable Nessus	Azure Linux 3.0 Security Update: rabbitmq-server (CVE-2023-46118)	10 Feb 202500:00	–	nessus
Tenable Nessus	Debian dla-3687 : rabbitmq-server - security update	14 Dec 202300:00	–	nessus
Tenable Nessus	Debian DSA-5571-1 : rabbitmq-server - security update	1 Dec 202300:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: rabbitmq-server (CVE-2023-46118)	13 Dec 202400:00	–	nessus
Tenable Nessus	RabbitMQ 3.11.x < 3.11.24 / 3.12.x < 3.12.7 Denial of Service	17 Apr 202500:00	–	nessus
Tenable Nessus	RHEL 9 : Red Hat OpenStack Platform 17.1 (rabbitmq-server) (RHSA-2024:0217)	16 Jan 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : rabbitmq-server (SUSE-SU-2023:4939-1)	21 Dec 202300:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 : Feature update for rabbitmq-server313, erlang26, elixir115 (SUSE-SU-SUSE-FU-2024:2078-1)	20 Jun 202400:00	–	nessus

[
  {
    "vendor": "rabbitmq",
    "product": "rabbitmq-server",
    "versions": [
      {
        "version": "< 3.12.7",
        "status": "affected"
      },
      {
        "version": "< 3.11.24",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg
debian	www.debian.org/security/2023/dsa-5571
lists	www.lists.debian.org/debian-lts-announce/2023/12/msg00009.html

14 Dec 2023 00:06Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.14.9

EPSS0.01077

CWE-400