vulnerability

Debian: CVE-2023-46118: rabbitmq-server -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:M/C:N/I:N/A:C)	Oct 25, 2023	Dec 4, 2023	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:M/C:N/I:N/A:C)

Published

Oct 25, 2023

Added

Dec 4, 2023

Modified

Mar 30, 2026

Description

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Solution

debian-upgrade-rabbitmq-server

References

CVE-2023-46118
https://attackerkb.com/topics/CVE-2023-46118
CWE-400
DEBIAN-DSA-5571-1
EUVD-EUVD-2023-50377
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-50377

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report