vulnerability

SUSE: CVE-2023-46118: SUSE Linux Security Advisory

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published
Oct 25, 2023
Added
Dec 21, 2023
Modified
Jan 28, 2025

Description

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Solution(s)

suse-upgrade-elixir115suse-upgrade-elixir115-docsuse-upgrade-erlang-rabbitmq-clientsuse-upgrade-erlang-rabbitmq-client313suse-upgrade-erlang26suse-upgrade-erlang26-debuggersuse-upgrade-erlang26-debugger-srcsuse-upgrade-erlang26-dialyzersuse-upgrade-erlang26-dialyzer-srcsuse-upgrade-erlang26-diametersuse-upgrade-erlang26-diameter-srcsuse-upgrade-erlang26-docsuse-upgrade-erlang26-epmdsuse-upgrade-erlang26-etsuse-upgrade-erlang26-et-srcsuse-upgrade-erlang26-jinterfacesuse-upgrade-erlang26-jinterface-srcsuse-upgrade-erlang26-observersuse-upgrade-erlang26-observer-srcsuse-upgrade-erlang26-reltoolsuse-upgrade-erlang26-reltool-srcsuse-upgrade-erlang26-srcsuse-upgrade-erlang26-wxsuse-upgrade-erlang26-wx-srcsuse-upgrade-rabbitmq-serversuse-upgrade-rabbitmq-server-pluginssuse-upgrade-rabbitmq-server313suse-upgrade-rabbitmq-server313-plugins

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today