Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Ubuntu 26.04 rabbitmq-c Critical Buffer Overflow and DoS Issues 8437-1

ubuntu
Calendar Grey June 16, 2026
Scroller Ubuntu Esm H88
Significant security fixes for rabbitmq-c in Ubuntu. Address vulnerabilities to prevent crashes and sensitive data leaks.
Several security issues were fixed in rabbitmq-c.

Summary

Several security issues were fixed in rabbitmq-c.

Software Description:

- librabbitmq: AMQP client library written in C

Details:

It was discovered that rabbitmq-c exposed credentials in command-line

arguments under certain circumstances. A local attacker could possibly use

this issue to obtain sensitive information. This issue only affected Ubuntu

22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-35789)

It was discovered that rabbitmq-c incorrectly handled AMQP frame lengths

under certain circumstances, which could lead to an out-of-bounds read. A

remote attacker could possibly use this issue to cause rabbitmq-c to crash,

resulting in a denial of service. (CVE-2026-44235)

It was discovered that rabbitmq-c incorrectly handled AMQP login handshakes

under certain circumstances, which could lead to a heap buffer overflow. A

remote attacker could possibly use this issue to cause rabbitmq-c to crash,

resulting in a denial of service, or execute arbitrary code.

(CVE-2026-44236)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  amqp-tools                      0.15.0-1ubuntu0.26.04.1
  librabbitmq4                    0.15.0-1ubuntu0.26.04.1

Ubuntu 25.10
  amqp-tools                      0.15.0-1ubuntu0.25.10.1
  librabbitmq4                    0.15.0-1ubuntu0.25.10.1

Ubuntu 24.04 LTS
  amqp-tools                      0.11.0-1ubuntu0.1
  librabbitmq4                    0.11.0-1ubuntu0.1

Ubuntu 22.04 LTS
  amqp-tools                      0.10.0-1ubuntu2.1
  librabbitmq4                    0.10.0-1ubuntu2.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8437-1

CVE-2023-35789, CVE-2026-44235, CVE-2026-44236

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8437-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.