CVE-2021-22116

Severity CVSS v4.0: Pending analysis
Type: CWE-20 Input Validation
Publication date: 08/06/2021
Last modified: 25/10/2022

Description

All versions of RabbitMQ prior to 3.8.16 are prone to a denial-of-service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to a target RabbitMQ instance that has the AMQP 1.0 plugin enabled.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:*:*:* | - | 3.8.16 (excluding)
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | - | -