CVE-2023-46118

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-400
View all →

Vulnerability Description

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.

Related Vulnerabilities

CVE-2017-12076

MEDIUM
CVSS:4.9(Medium)

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources ...

CWE-4002017

CVE-2017-12077

MEDIUM
CVSS:4.9(Medium)

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resource...

CWE-4002017

CVE-2018-20699

MEDIUM
CVSS:4.9(Medium)

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, p...

CWE-4002018

CVE-2019-13007

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletio...

CWE-4002019

CVE-2019-5445

MEDIUM
CVSS:4.9(Medium)

DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands.

CWE-4002019

CVE-2020-8123

MEDIUM
CVSS:4.9(Medium)

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.

CWE-4002020