Jonathan Knudsen

**Name of the Vulnerable Software and Affected Versions** EMQ X Broker versions prior to 4.2.8 **Description** The issue is related to the handling of untrusted inputs, which causes excessive memory consumption. This results in a denial of service attack, where the message broker consumes large amounts of memory, leading to the application being terminated by the operating system. **Recommendations** For EMQ X Broker versions prior to 4.2.8, update to version 4.2.8 or later to resolve the issue. As a temporary workaround, consider restricting the handling of untrusted inputs to minimize the risk of excessive memory consumption.

**Name of the Vulnerable Software and Affected Versions** VerneMQ MQTT Broker versions prior to 1.12.0 **Description** The issue is related to a denial of service attack due to excessive memory consumption. This occurs when the message broker handles untrusted inputs, causing it to consume large amounts of memory. As a result, the application is terminated by the operating system. **Recommendations** For VerneMQ MQTT Broker versions prior to 1.12.0, update to version 1.12.0 or later to resolve the issue. As a temporary workaround, consider implementing input validation to restrict the handling of untrusted inputs.

**Name of the Vulnerable Software and Affected Versions** RabbitMQ versions prior to 3.8.16 **Description** The issue is related to improper input validation in the AMQP 1.0 client connection endpoint, which can lead to a denial of service. A malicious user can exploit this by sending malicious AMQP messages to a RabbitMQ instance with the AMQP 1.0 plugin enabled. **Recommendations** For versions prior to 3.8.16, update to version 3.8.16 or later to resolve the issue. As a temporary workaround, consider disabling the AMQP 1.0 plugin until a patch is available. Restrict access to the AMQP 1.0 client connection endpoint to minimize the risk of exploitation.