RabbitMQ: Impact of CVE-2024-37371, CVE-2024-45491, CVE-2024-45492, CVE-2024-52533 and CVE-2025-4802 on version 3.13.6/Erlang 26.2.X


Article ID: 433496


Updated On:

Products

VMware Tanzu RabbitMQ

Issue/Introduction

A security scan identified the critical/high vulnerabilities listed below in the RabbitMQ 3.13.6 container image. What are the required remediation steps?

CVE-2024-37371
CVE-2024-45491
CVE-2024-45492
CVE-2024-52533
CVE-2025-4802

Environment

RabbitMQ 3.13 / Erlang 26.2.x

Cause

These vulnerabilities are reported against operating-system packages in the container's base image, not against RabbitMQ or Erlang code. The scanner attributes them to the components listed below (CVE-2024-37371 is a krb5 issue, CVE-2024-45491 and CVE-2024-45492 are Expat issues, CVE-2024-52533 is a GLib issue and CVE-2025-4802 is a glibc issue):

Kerberos (`krb5`)
Expat (`expat-libs`)
GLib (`glib`)
glibc (`glibc`)
glibc-i18n (`glibc-i18n`)
iperf (`iperf`)
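The first remediation step is to establish which findings belong to the base image and which, if any, are in RabbitMQ or Erlang itself, because the two need different actions. The following script is an added example, not part of this article or of RabbitMQ: it reads a scanner report laid out the way Trivy emits JSON (`Results` entries with a `Class` of `os-pkgs` or `lang-pkgs` and a `Vulnerabilities` list), groups CVEs by reporting package as in the Cause section, and sorts them into "application", "base-image with a fix available" and "base-image with no fix yet". The embedded report is constructed; every version string in it is a placeholder, and the application package names in `APP_PACKAGES` are assumptions to adjust to your image.

```python
"""Triage container-scan findings for a RabbitMQ image: separate findings
raised by base-image OS packages from findings in RabbitMQ/Erlang itself.

Added example, not part of the KB article or of RabbitMQ. The report below is
constructed in the layout Trivy uses for JSON output; every version string in
it is a placeholder, not a real package version.
"""
import json
from collections import defaultdict

# Package names the image's own application layer is installed under.
# Assumed names for this example; adjust to what your image actually reports.
APP_PACKAGES = {"rabbitmq", "rabbitmq-server", "erlang", "erlang-otp"}

# Constructed scanner output. The CVE-to-package mapping follows the Cause
# section of the article; the version strings are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "rabbitmq:3.13.6",
    "Results": [
        {
            "Target": "rabbitmq:3.13.6 (base image)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2024-37371", "PkgName": "krb5",
                 "InstalledVersion": "placeholder-1", "FixedVersion": "placeholder-2",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-2024-45491", "PkgName": "expat-libs",
                 "InstalledVersion": "placeholder-1", "FixedVersion": "placeholder-2",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-2024-45492", "PkgName": "expat-libs",
                 "InstalledVersion": "placeholder-1", "FixedVersion": "placeholder-2",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-2024-52533", "PkgName": "glib",
                 "InstalledVersion": "placeholder-1", "FixedVersion": "placeholder-2",
                 "Severity": "HIGH"},
                # An empty FixedVersion models a finding the base image has not
                # patched yet. Purely illustrative; read the real status from
                # your own scan output.
                {"VulnerabilityID": "CVE-2025-4802", "PkgName": "glibc",
                 "InstalledVersion": "placeholder-1", "FixedVersion": "",
                 "Severity": "HIGH"},
            ],
        },
        {
            "Target": "/opt/rabbitmq (application layer)",
            "Class": "lang-pkgs",
            "Vulnerabilities": [],
        },
    ],
})


def load_findings(report_json):
    """Flatten a Trivy-style JSON report into one record per (CVE, package)."""
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({
                "cve": vuln["VulnerabilityID"],
                "package": vuln["PkgName"],
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": vuln.get("Severity", "UNKNOWN"),
                "target_class": result.get("Class", ""),
            })
    return findings


def by_package(findings):
    """Group CVE IDs by the package that reports them (the Cause-section list)."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f["package"]].add(f["cve"])
    return {pkg: sorted(cves) for pkg, cves in grouped.items()}


def triage(findings):
    """Split findings into buckets that each call for a different action:
    app        -> in RabbitMQ/Erlang itself: an application upgrade is needed
    os_fixable -> base-image package with a fixed version: rebuilding on the
                  patched base (the upgraded RabbitMQ image) clears it
    os_unfixed -> base-image package with no fixed version yet: a rebuild
                  alone will not clear it; track the distribution advisory
    """
    buckets = {"app": [], "os_fixable": [], "os_unfixed": []}
    for f in findings:
        is_app = (f["target_class"] == "lang-pkgs"
                  or f["package"].lower() in APP_PACKAGES)
        if is_app:
            buckets["app"].append(f)
        elif f["fixed"]:
            buckets["os_fixable"].append(f)
        else:
            buckets["os_unfixed"].append(f)
    return buckets


def summary(report_json):
    """Count per bucket plus the worst severity seen in each bucket."""
    order = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}
    result = {}
    for name, items in triage(load_findings(report_json)).items():
        worst = max((f["severity"] for f in items),
                    key=lambda s: order.get(s, 0), default=None)
        result[name] = {"count": len(items), "worst": worst}
    return result


if __name__ == "__main__":
    for pkg, cves in sorted(by_package(load_findings(SAMPLE_REPORT)).items()):
        print(f"{pkg}: {', '.join(cves)}")
    print(json.dumps(summary(SAMPLE_REPORT), indent=2))
```

Run it against your real report by replacing `SAMPLE_REPORT` with the scanner's JSON. An empty `app` bucket is the signal that the findings are base-image packages, which is the situation this article describes; anything in `os_unfixed` after upgrading to the new image needs a separate follow-up, because a rebuild on the same base will report it again.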


Resolution

None of these vulnerabilities affect RabbitMQ or Erlang directly, and RabbitMQ's use of Erlang APIs should not involve dlopen beyond the initial runtime boot (which matters for the glibc issue, CVE-2025-4802, a dlopen-related defect). The immediate corrective action is nonetheless to upgrade to RabbitMQ 3.13.14 and the latest Erlang 26.x, then re-scan the upgraded image to confirm that the base-image findings have cleared. Note that RabbitMQ 3.13.14 will be compatible with Erlang 27.x in the near future.

Security fixes are regularly backported; 3.13.14 also addresses two further CVEs that will be announced around June, when all VMware products have adopted patched RabbitMQ versions.