Skip to main content

Red Hat CVE-2023-46118

| EUVDEUVD-2023-50377 MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2026-06-30 https://github.com/rabbitmq/rabbitmq-server GHSA-w6cq-9cf4-gqpg
4.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
4.9 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jun 30, 2026 - 18:01 EUVD
CVE Published
Jun 30, 2026 - 16:39 github-advisory
MEDIUM 4.9

DescriptionGitHub Advisory

Summary

Responsibly disclosed by @NSEcho.

HTTP API did not enforce an HTTP request body limit, making it vulnerable for DoS attacks with very large messages.

Details

An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism.

A PoC was provided to Team RabbitMQ privately.

Impact

Denial of Service

AnalysisAI

Summary Responsibly disclosed by @NSEcho. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources.

Summary Responsibly disclosed by @NSEcho. HTTP API did not enforce an HTTP request body limit, making it vulnerable for DoS attacks with very large messages.

Details An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. A PoC was provided to Team RabbitMQ privately.

Impact Denial of Service

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
openSUSE Leap 15.4 Fixed

Share

CVE-2023-46118 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy