Uncontrolled Memory Allocation in RabbitMQ Java Client Library - #VU137269
Published: July 9, 2026
RabbitMQ Java Client Library
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to memory allocation with excessive size value in ValueReader.readBytes() when processing a LongString or bytes field from an AMQP peer. A remote attacker can send a specially crafted AMQP field with an oversized declared length to cause a denial of service.
The issue can be triggered pre-authentication during connection.start, and successful exploitation can crash the entire JVM with an OutOfMemoryError.