{"id":"CVE-2021-22116","details":"RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.","aliases":["BIT-rabbitmq-2021-22116"],"modified":"2026-04-10T04:29:57.273411Z","published":"2021-06-08T12:15:10.347Z","related":["MGASA-2021-0390","SUSE-FU-2024:2078-1","SUSE-SU-2021:3254-1","SUSE-SU-2021:3325-1","openSUSE-SU-2021:1334-1","openSUSE-SU-2021:3325-1"],"references":[{"type":"ADVISORY","url":"https://tanzu.vmware.com/security/cve-2021-22116"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rabbitmq/rabbitmq-server","events":[{"introduced":"0"},{"fixed":"afd0d815f3771209174fd53b8b3a4afc637dca48"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.8.16"}]}}],"versions":["base-for-tanzu-rabbitmq-2020.12-additions","rabbitmq_v1_4_0","rabbitmq_v1_5_0","rabbitmq_v1_6_0","rabbitmq_v1_7_0","rabbitmq_v1_7_2","rabbitmq_v1_8_1","rabbitmq_v2_4_0","rabbitmq_v2_7_1","rabbitmq_v2_8_0","rabbitmq_v3_0_0","rabbitmq_v3_0_1","rabbitmq_v3_0_2","rabbitmq_v3_0_3","rabbitmq_v3_0_4","rabbitmq_v3_1_1","rabbitmq_v3_1_2","rabbitmq_v3_1_3","rabbitmq_v3_1_4","rabbitmq_v3_1_5","rabbitmq_v3_2_1","rabbitmq_v3_2_2","rabbitmq_v3_2_3","rabbitmq_v3_2_4","rabbitmq_v3_3_0","rabbitmq_v3_3_1","rabbitmq_v3_3_2","rabbitmq_v3_3_3","rabbitmq_v3_3_4","rabbitmq_v3_3_5","rabbitmq_v3_4_0","rabbitmq_v3_4_1","rabbitmq_v3_4_2","rabbitmq_v3_4_3","rabbitmq_v3_5_0","rabbitmq_v3_6_0","rabbitmq_v3_6_0_milestone1","rabbitmq_v3_6_0_milestone2","rabbitmq_v3_6_0_milestone3","rabbitmq_v3_6_0_rc1","rabbitmq_v3_6_0_rc2","rabbitmq_v3_6_0_rc3","rabbitmq_v3_7_0_milestone1","rabbitmq_v3_7_0_milestone10","rabbitmq_v3_7_0_milestone11","rabbitmq_v3_7_0_milestone12","rabbitmq_v3_7_0_milestone13","rabbitmq_v3_7_0_milestone14","rabbitmq_v3_7_0_milestone15","rabbitmq_v3_7_0_milestone16","rabbitmq_v3_7_0_milestone17","rabbitmq_v3_7_0_milestone18","rabbitmq_v3_7_0_milestone2","rabbitmq_v3_7_0_milestone3","rabbitmq_v3_7_0_milestone4","rabbitmq_v3_7_0_milestone5","rabbitmq_v3_7_0_milestone7","rabbitmq_v3_7_0_milestone8","rabbitmq_v3_7_0_milestone9","v3.7.0-beta.19","v3.7.0-beta.20","v3.7.0-rc.1","v3.7.0-rc.2","v3.8.0","v3.8.0-beta.1","v3.8.0-beta.2","v3.8.0-beta.3","v3.8.0-beta.4","v3.8.0-beta.5","v3.8.0-beta.6","v3.8.0-beta.7","v3.8.0-rc.1","v3.8.0-rc.2","v3.8.0-rc.3","v3.8.1","v3.8.1-beta.1","v3.8.1-beta.2","v3.8.1-rc.1","v3.8.10-beta.1","v3.8.10-rc.1","v3.8.10-rc.5","v3.8.10-rc.6","v3.8.11","v3.8.12","v3.8.12-beta.1","v3.8.12-rc.1","v3.8.12-rc.2","v3.8.12-rc.3","v3.8.13","v3.8.13-beta.1","v3.8.14","v3.8.15","v3.8.15-rc.2","v3.8.15-rc.3","v3.8.2","v3.8.2-rc.1","v3.8.3","v3.8.3-beta.1","v3.8.3-beta.2","v3.8.3-beta.3","v3.8.3-rc.1","v3.8.3-rc.2","v3.8.4","v3.8.4-beta.1","v3.8.4-rc.1","v3.8.4-rc.2","v3.8.4-rc.3","v3.8.5","v3.8.5-rc.1","v3.8.5-rc.2","v3.8.6","v3.8.6-beta.1","v3.8.6-rc.1","v3.8.6-rc.2","v3.8.7","v3.8.8","v3.8.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22116.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}