RabbitMQ Java client's lack of message size limitation leads to remote DoS attack

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

未加控制的资源消耗(资源穷尽)

RabbitMQ 资源管理错误漏洞

RabbitMQ是RabbitMQ开源的一个功能丰富的多协议消息和流媒体代理。 RabbitMQ Java client 5.18.0之前版本存在安全漏洞，该漏洞源于允许Java和基于JVM的应用程序连接到RabbitMQ节点并与之交互，攻击者可能会发送非常大的消息，导致内存溢出并触发OOM错误。

N/A

N/A