Unrated severity · NVD Advisory · Published Jun 8, 2021 · Updated Aug 3, 2024
CVE-2021-22116
Description
All RabbitMQ versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to a target RabbitMQ instance that has the AMQP 1.0 plugin enabled.
Affected products
- RabbitMQ/RabbitMQ (description)
- osv-coords, 11 versions (no CPE for any entry):
  - pkg:bitnami/rabbitmq, range: < 3.8.16
  - pkg:rpm/opensuse/elixir115&distro=openSUSE%20Leap%2015.6, range: < 1.15.7-150300.7.5.1
  - pkg:rpm/opensuse/erlang26&distro=openSUSE%20Leap%2015.6, range: < 26.2.1-150300.7.5.1
  - pkg:rpm/opensuse/rabbitmq-server313&distro=openSUSE%20Leap%2015.6, range: < 3.13.1-150600.13.5.3
  - pkg:rpm/opensuse/rabbitmq-server&distro=openSUSE%20Leap%2015.2, range: < 3.8.3-lp152.2.3.1
  - pkg:rpm/opensuse/rabbitmq-server&distro=openSUSE%20Leap%2015.3, range: < 3.8.11-3.3.3
  - pkg:rpm/suse/elixir115&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6, range: < 1.15.7-150300.7.5.1
  - pkg:rpm/suse/erlang26&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6, range: < 26.2.1-150300.7.5.1
  - pkg:rpm/suse/rabbitmq-server313&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6, range: < 3.13.1-150600.13.5.3
  - pkg:rpm/suse/rabbitmq-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2, range: < 3.8.3-3.3.4
  - pkg:rpm/suse/rabbitmq-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3, range: < 3.8.11-3.3.3
Patches
No patches discovered yet.
References
- lists.debian.org/debian-lts-announce/2021/07/msg00011.html (mitre, mailing-list, x_refsource_MLIST)
- tanzu.vmware.com/security/cve-2021-22116 (mitre, x_refsource_MISC)