Dyslexicatheist

**Name of the Vulnerable Software and Affected Versions** RabbitMQ versions 0.9.0 **Description** The issue is related to the amqp handle input function in the amqp connection.c component of the RabbitMQ message broker, which lacks frame size checking. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. Specifically, there is an integer overflow that leads to heap memory corruption in the handling of CONNECTION STATE HEADER, allowing a rogue server to return a malicious frame header that causes a smaller target size value than needed, resulting in a memcpy function copying too much data into a heap buffer. **Recommendations** For RabbitMQ version 0.9.0, consider disabling the `amqp handle input` function as a temporary workaround until a patch is available. Restrict access to the `amqp connection.c` component to minimize the risk of exploitation. Avoid using the `CONNECTION STATE HEADER` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.