FreeBSD 7003B62D-7252-46FF-A9DF-1B1900F1E65B
History: May 10, 2021 - 12:00 a.m.

RabbitMQ -- Denial of Service via improper input validation

2021-05-10 00:00:00
vuxml.freebsd.org
Tags: rabbitmq, denial of service, input validation, amqp 1.0, vulnerability, malicious client, amqp messages, security issue

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 48.9%

Jonathon Knudsen of Synopsys Cybersecurity Research Center reports:

All versions prior to 3.8.16 are prone to a denial of service
vulnerability due to improper input validation in AMQP 1.0 client
connection endpoint. A malicious client can exploit the vulnerability
by sending malicious AMQP messages to the target RabbitMQ instance
having the AMQP 1.0 plugin enabled.

OS       Version  Architecture  Package   Version   Filename
FreeBSD  any      noarch        rabbitmq  < 3.8.16  UNKNOWN
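
The two conditions the report names (a release earlier than 3.8.16 and the AMQP 1.0 plugin enabled) can be checked together on a host. The following is an added example, not part of the advisory or the RabbitMQ project; it assumes the plugin's name is `rabbitmq_amqp1_0` and that the node's `enabled_plugins` file holds an Erlang list of explicitly enabled plugins, and the function names and sample inputs are constructed for illustration.

```python
import re

AMQP10_PLUGIN = "rabbitmq_amqp1_0"  # assumed plugin name (as shown by rabbitmq-plugins)
FIXED = (3, 8, 16)                  # first fixed release, from the advisory


def parse_version(text):
    """Return (major, minor, patch) from '3.8.9', 'rabbitmq-3.8.14_1', '3.8.16,1'.

    Port revisions and pre-release suffixes after x.y.z are ignored.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def enabled_plugins(term):
    """Parse the Erlang list term of an enabled_plugins file, e.g. '[a,b].'."""
    term = re.sub(r"%.*", "", term)  # drop Erlang line comments
    m = re.search(r"\[(.*?)\]\s*\.", term, re.S)
    if not m:
        raise ValueError("not an Erlang list term")
    return {p.strip().strip("'") for p in m.group(1).split(",") if p.strip()}


def assess(version_text, plugins_term):
    """Classify a node against the advisory's two conditions."""
    old = parse_version(version_text) < FIXED
    amqp10 = AMQP10_PLUGIN in enabled_plugins(plugins_term)
    if old and amqp10:
        return "exposed"            # affected release with the AMQP 1.0 endpoint on
    if old:
        return "affected-version"   # plugin off; the release still needs upgrading
    return "fixed"


# Constructed sample inputs (not taken from a real host).
SAMPLE_PLUGINS = "% managed by rabbitmq-plugins\n[rabbitmq_management,\n rabbitmq_amqp1_0]."

if __name__ == "__main__":
    for version in ("rabbitmq-3.8.14_1", "3.8.16"):
        print(version, assess(version, SAMPLE_PLUGINS))
```

Feed it the installed package version and the contents of the node's `enabled_plugins` file; a result of `affected-version` means the endpoint named in the report is not enabled, but the package is still below 3.8.16.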
