CVE-2021-22116: Denial-of-Service Vulnerability due to improper input validation in RabbitMQ server


Severity

High

Vendor

VMware Tanzu

Description

All RabbitMQ versions prior to 3.8.16 are vulnerable to a denial of service caused by improper input validation in the AMQP 1.0 client connection endpoint.

A malicious actor can exploit the vulnerability by sending malicious AMQP messages to a target RabbitMQ instance that has the AMQP 1.0 plugin enabled.

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • RabbitMQ
    • 3.8.x versions prior to 3.8.16

Mitigation

Users of affected versions should apply the following mitigation or upgrade:

  • RabbitMQ
    • 3.8.16
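
The following triage helper is an added example and is not part of this advisory or of RabbitMQ itself. It assumes the version string comes from `rabbitmqctl version` and the enabled-plugin listing from `rabbitmq-plugins list -e -m` (one plugin name per line), and that the AMQP 1.0 endpoint is provided by the plugin named `rabbitmq_amqp1_0`; the sample inputs below are constructed.

```python
"""Triage a RabbitMQ node against CVE-2021-22116 (fixed in 3.8.16)."""
import re

FIXED_VERSION = (3, 8, 16)          # first fixed release named in the advisory
AMQP10_PLUGIN = "rabbitmq_amqp1_0"  # assumed plugin name for the AMQP 1.0 endpoint


def parse_version(text):
    """Return (major, minor, patch) from a RabbitMQ version string such as '3.8.14'.

    Pre-release or build suffixes (e.g. '3.8.16-rc.1') are ignored, so a
    release candidate of the fixed version is treated as fixed; adjust if
    your fleet runs pre-release builds.
    """
    match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised RabbitMQ version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def enabled_plugins(listing):
    """Parse plugin names from a minimal `rabbitmq-plugins list -e -m` listing."""
    return {line.strip() for line in listing.splitlines() if line.strip()}


def triage(version_text, plugin_listing):
    """Classify a node as 'fixed', 'exposed' or 'vulnerable-not-exposed'.

    'exposed' means the node runs a vulnerable build AND the AMQP 1.0 plugin
    is enabled, so the affected endpoint is reachable; 'vulnerable-not-exposed'
    means the build still needs upgrading but the endpoint is not enabled.
    """
    if parse_version(version_text) >= FIXED_VERSION:
        return "fixed"
    if AMQP10_PLUGIN in enabled_plugins(plugin_listing):
        return "exposed"
    return "vulnerable-not-exposed"


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real node.
    sample_version = "3.8.14\n"
    sample_plugins = "rabbitmq_management\nrabbitmq_amqp1_0\n"
    print(triage(sample_version, sample_plugins))
```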

Credit

Jonathan Knudsen of Synopsys Cybersecurity Research Center (CyRC)

References

History

2021-05-10: Initial vulnerability report published.