CGA-6h6p-w435-25j2
Denial of Service vulnerability in amqp-client (Maven)

Tags: Denial of Service | No known exploit | Fixable by Resolved Security

What is CGA-6h6p-w435-25j2 About?

This is a Denial of Service vulnerability where the RabbitMQ Java client fails to properly validate the size of incoming messages. An attacker can send an excessively large message, causing the consumer application to experience an Out Of Memory (OOM) error. This vulnerability is relatively easy to exploit, leading to service disruption.

Affected Software

com.rabbitmq:amqp-client <5.18.0

Technical Details

The vulnerability stems from the maxBodyLength parameter not being correctly enforced or utilized when the RabbitMQ Java client receives message objects. Specifically, when a producer sends a Message object with a body size that exceeds the consumer's allocated memory (e.g., 256MB body sent to a consumer with 128MB heap), the consumer attempts to load the entire message into memory. Because the size limit is not respected, this leads to an uncontrolled memory allocation that rapidly exhausts the consumer's heap space, causing an Out Of Memory (OOM) error and subsequently crashing the consumer application, effectively denying service.
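As an added illustration (not the RabbitMQ client's own code) of the check that was missing, the Python below parses an AMQP 0-9-1 content-header frame and rejects a message whose declared body size exceeds a configured limit before any buffer is sized from that field. The frame builder, the 128MB limit and the sample sizes are constructed for this example.

```python
import struct

# AMQP 0-9-1 framing constants (from the protocol specification)
FRAME_HEADER = 2      # frame type of a content-header frame
FRAME_END = 0xCE      # every frame terminates with this octet
BASIC_CLASS_ID = 60   # class id of the Basic class, whose messages carry bodies
HEADER_FIXED = 7 + 14 + 1  # frame header + fixed content-header fields + frame-end

# Constructed limit for this example, matching the advisory's 128MB consumer heap
DEFAULT_MAX_BODY_LENGTH = 128 * 1024 * 1024


class OversizedMessage(Exception):
    """Raised when a content header declares a body larger than the consumer accepts."""


def build_content_header(channel: int, body_size: int) -> bytes:
    """Construct a minimal content-header frame (no properties) declaring body_size bytes."""
    # payload: class-id, weight (always 0), 64-bit body-size, property flags (none set)
    payload = struct.pack(">HHQH", BASIC_CLASS_ID, 0, body_size, 0)
    return struct.pack(">BHI", FRAME_HEADER, channel, len(payload)) + payload + bytes([FRAME_END])


def parse_content_header(frame: bytes, max_body_length: int = DEFAULT_MAX_BODY_LENGTH) -> dict:
    """Parse a content-header frame, enforcing max_body_length on the declared body size.

    The check runs before any body buffer is allocated; the vulnerable client sized its
    buffer from this field unconditionally, which is what let a large message exhaust the heap.
    """
    if len(frame) < HEADER_FIXED:
        raise ValueError("truncated content-header frame")
    frame_type, channel, size = struct.unpack(">BHI", frame[:7])
    if frame_type != FRAME_HEADER:
        raise ValueError(f"expected content-header frame (type 2), got type {frame_type}")
    if len(frame) != 7 + size + 1 or frame[-1] != FRAME_END:
        raise ValueError("frame length or frame-end octet mismatch")
    class_id, _weight, body_size, flags = struct.unpack(">HHQH", frame[7:21])
    if body_size > max_body_length:
        raise OversizedMessage(f"declared body {body_size} bytes exceeds limit {max_body_length}")
    return {"channel": channel, "class_id": class_id, "body_size": body_size, "property_flags": flags}


def accepts(frame: bytes, max_body_length: int = DEFAULT_MAX_BODY_LENGTH) -> bool:
    """True if the frame passes the size check, False if it is rejected as oversized."""
    try:
        parse_content_header(frame, max_body_length)
        return True
    except OversizedMessage:
        return False


if __name__ == "__main__":
    # The advisory's scenario: a 256MB body declared to a consumer limited to 128MB.
    print(accepts(build_content_header(1, 256 * 1024 * 1024)))  # False: rejected before allocation
    print(accepts(build_content_header(1, 4 * 1024)))           # True
```

The point for consumers is to validate the declared size, not the received bytes, because once the body has been buffered the allocation has already happened. In the Java client itself the equivalent limit is, to my understanding, a ConnectionFactory setting introduced in 5.18.0 (setMaxInboundMessageBodySize); confirm the name against the client's API documentation.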

What is the Impact of CGA-6h6p-w435-25j2?

Successful exploitation may allow attackers to cause a Denial of Service (DoS) condition on the affected service by exhausting its memory resources. This can lead to system instability, application crashes, and unavailability of services.

What is the Exploitability of CGA-6h6p-w435-25j2?

Exploitation of this vulnerability is straightforward and requires low complexity. An attacker only needs the ability to send messages to the RabbitMQ queue that the vulnerable consumer is monitoring. There are no specific authentication or privilege requirements beyond being able to publish messages to the queue. The attack is remote, as the attacker sends messages over the network to the message queue. The primary prerequisite is that the consumer application is running the affected RabbitMQ Java client version and has a smaller memory allocation than the attacker's potential message size. The absence of proper maxBodyLength enforcement drastically increases the likelihood of a successful denial of service.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CGA-6h6p-w435-25j2?

A Fix by Resolved Security Exists!
Fix open-source vulnerabilities without upgrading your dependencies.

About the Fix from Resolved Security

None

Available Upgrade Options

  • com.rabbitmq:amqp-client
    • <5.18.0 → Upgrade to 5.18.0


Additional Resources

What are Similar Vulnerabilities to CGA-6h6p-w435-25j2?

Similar Vulnerabilities: CVE-2016-7491, CVE-2017-7656, CVE-2019-12290, CVE-2020-13938, CVE-2021-42340