CVE-2023-46120

Source
https://cve.org/CVERecord?id=CVE-2023-46120
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46120.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-46120
Published
2023-10-24T23:05:24.172Z
Modified
2026-04-10T05:01:48.373824Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
RabbitMQ Java client's lack of message size limitation leads to remote DoS attack
Details

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLength was not used when receiving Message objects. Attackers could send a very large Message, causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer DoS attacks through the RabbitMQ Java client, which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-400"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46120.json"
}
Affected packages

Git / github.com/rabbitmq/rabbitmq-java-client

Affected ranges

Type
GIT
Repo
https://github.com/rabbitmq/rabbitmq-java-client
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
rabbitmq_v1_4_0
rabbitmq_v1_6_0
rabbitmq_v1_7_0
rabbitmq_v1_7_1
rabbitmq_v1_7_2
rabbitmq_v1_8_0
rabbitmq_v1_8_1
rabbitmq_v2_4_0
rabbitmq_v2_7_0
rabbitmq_v3_4_1
rabbitmq_v3_4_2
rabbitmq_v3_4_3
rabbitmq_v3_4_4
rabbitmq_v3_5_0
rabbitmq_v3_6_0
rabbitmq_v3_6_0_milestone1
rabbitmq_v3_6_0_milestone2
rabbitmq_v3_6_0_milestone3
rabbitmq_v3_6_0_rc1
rabbitmq_v3_6_0_rc2
rabbitmq_v3_6_0_rc3
rabbitmq_v3_7_0_milestone1
rabbitmq_v3_7_0_milestone10
rabbitmq_v3_7_0_milestone11
rabbitmq_v3_7_0_milestone12
rabbitmq_v3_7_0_milestone13
rabbitmq_v3_7_0_milestone14
rabbitmq_v3_7_0_milestone15
rabbitmq_v3_7_0_milestone2
rabbitmq_v3_7_0_milestone3
rabbitmq_v3_7_0_milestone4
rabbitmq_v3_7_0_milestone5
rabbitmq_v3_7_0_milestone7
rabbitmq_v3_7_0_milestone8
rabbitmq_v3_7_0_milestone9
v4.*
v4.0.0
v4.0.0.M1
v4.0.0.M2
v4.0.0.RC1
v4.0.0.RC2
v4.1.0
v4.1.0.RC1
v5.*
v5.0.0
v5.0.0.RC1
v5.1.0
v5.1.0.RC1
v5.10.0
v5.10.0.RC1
v5.10.0.RC2
v5.11.0.RC1
v5.12.0
v5.12.0.RC1
v5.13.0
v5.13.0.RC1
v5.13.0.RC2
v5.14.0
v5.14.0.RC1
v5.15.0
v5.15.0.RC1
v5.16.0
v5.16.0.RC1
v5.17.0
v5.17.0.RC1
v5.17.0.RC2
v5.2.0
v5.2.0.RC1
v5.4.0
v5.4.0.M1
v5.4.0.RC1
v5.4.0.RC2
v5.4.0.RC3
v5.5.0
v5.5.0.RC1
v5.6.0
v5.6.0.RC1
v5.7.0
v5.7.0.RC1
v5.8.0
v5.8.0.RC1
v5.8.0.RC2
v5.9.0
v5.9.0.RC1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46120.json"