It was discovered that rabbitmq-c exposed credentials in command-line arguments under certain circumstances. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-35789) It was discovered that rabbitmq-c incorrectly handled AMQP frame lengths under certain circumstances, which could lead to an out-of-bounds read. A remote attacker could possibly use this issue to cause rabbitmq-c to crash, resulting in a denial of service. (CVE-2026-44235) It was discovered that rabbitmq-c incorrectly handled AMQP login handshakes under certain circumstances, which could lead to a heap buffer overflow. A remote attacker could possibly use this issue to cause rabbitmq-c to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-44236)
Continue reading...
Continue reading...
