CVE-2021-22116: Denial-of-Service Vulnerability due to improper input validation in RabbitMQ server
24013
10 May 2021
10 May 2021
CLOSED
HIGH
CVE-2021-22116
Severity
High
Vendor
VMware Tanzu
Description
RabbitMQ, all versions prior to 3.8.16, is prone to a denial-of-service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint.
A malicious user can exploit the vulnerability by sending malicious AMQP messages to a target RabbitMQ instance that has the AMQP 1.0 plugin enabled.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- RabbitMQ
  - 3.8.x versions prior to 3.8.16
Mitigation
Users of affected versions should apply the following mitigation or upgrade:
- RabbitMQ
  - 3.8.16
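The advisory's exposure condition has two parts: a server version older than 3.8.16 and the AMQP 1.0 plugin enabled. The following check, an added example that is not part of the advisory and not VMware or RabbitMQ code, evaluates both parts from the text an administrator already has at hand. It assumes that the version is the plain string printed by `rabbitmqctl version`, that the plugin is named `rabbitmq_amqp1_0`, and that `rabbitmq-plugins list -e` prints one plugin per line prefixed with a status bracket such as `[E*]`; the sample inputs below are constructed, not captured from a real host.

```python
import re
from typing import Dict, Optional, Tuple

# From the advisory: RabbitMQ 3.8.16 is the fixed release.
FIXED_VERSION = (3, 8, 16)
# Assumed plugin name for the AMQP 1.0 endpoint (not stated on the advisory page).
AMQP10_PLUGIN = "rabbitmq_amqp1_0"

# MAJOR.MINOR.PATCH with an optional "-prerelease" suffix, e.g. 3.8.16-rc.1
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.\-]+))?")
# Assumed layout of a `rabbitmq-plugins list -e` line: "[E*] plugin_name  version"
# First bracket char: E = explicitly enabled, e = implicitly enabled, space = disabled.
_PLUGIN_LINE_RE = re.compile(r"^\[([Ee ])([* ])\]\s+(\S+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int, str]]:
    """Return (major, minor, patch, prerelease) or None if the string is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, prerelease = m.groups()
    return int(major), int(minor), int(patch), prerelease or ""


def version_is_vulnerable(version: str) -> bool:
    """True when the server is older than 3.8.16.

    A pre-release build of 3.8.16 itself is conservatively treated as unpatched,
    because the advisory names only the final 3.8.16 release as fixed.
    """
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised RabbitMQ version string: {version!r}")
    major, minor, patch, prerelease = parsed
    if (major, minor, patch) < FIXED_VERSION:
        return True
    return (major, minor, patch) == FIXED_VERSION and prerelease != ""


def amqp10_plugin_enabled(plugins_listing: str) -> bool:
    """Scan plugin-list output for an enabled (explicit or implicit) AMQP 1.0 plugin."""
    for line in plugins_listing.splitlines():
        m = _PLUGIN_LINE_RE.match(line.strip())
        if m and m.group(1) in ("E", "e") and m.group(3) == AMQP10_PLUGIN:
            return True
    return False


def assess(version: str, plugins_listing: str) -> Dict[str, object]:
    """Combine both conditions into a small exposure report."""
    vulnerable_version = version_is_vulnerable(version)
    plugin_on = amqp10_plugin_enabled(plugins_listing)
    return {
        "version": version.strip(),
        "vulnerable_version": vulnerable_version,
        "amqp10_plugin_enabled": plugin_on,
        # Exposed only when an affected version actually serves the AMQP 1.0 endpoint.
        "exposed": vulnerable_version and plugin_on,
        # Affected versions should be upgraded regardless of plugin state, per the advisory.
        "action": "upgrade to RabbitMQ 3.8.16 or later" if vulnerable_version else "no action required",
    }


# Constructed sample inputs (not captured from a real deployment).
SAMPLE_VERSION = "3.8.15"
SAMPLE_PLUGINS = """\
Listing plugins with pattern ".*" ...
 Configured: E = explicitly enabled; e = implicitly enabled
 | Status: * = running on rabbit@example-host
 |/
[E*] rabbitmq_amqp1_0      3.8.15
[E*] rabbitmq_management   3.8.15
[e*] rabbitmq_web_dispatch 3.8.15
"""

if __name__ == "__main__":
    for key, value in assess(SAMPLE_VERSION, SAMPLE_PLUGINS).items():
        print(f"{key}: {value}")
```

Run it against the real outputs of `rabbitmqctl version` and `rabbitmq-plugins list -e` on each node; a node that reports `vulnerable_version: True` needs the upgrade even if the plugin is currently disabled, since the plugin can be enabled later without a restart of the assessment.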
Credit
Jonathan Knudsen of Synopsys Cybersecurity Research Center (CyRC)
History
2021-05-10: Initial vulnerability report published.