Search CVE reports
1 – 10 of 23 results
CVE-2023-5632
Medium priorityIn Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by...
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-3592
Medium priorityIn Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | Not affected | Fixed | Fixed | Not affected | Not affected |
CVE-2023-0809
Medium priorityIn Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | Not affected | Fixed | Fixed | Not affected | Not affected |
CVE-2023-28366
Medium prioritySome fixes available 3 of 5
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs...
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | — | Fixed | Fixed | Ignored | Ignored |
CVE-2021-41039
Medium prioritySome fixes available 2 of 5
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | Not affected | Fixed | Fixed | Not affected | Not affected |
CVE-2021-34434
Medium prioritySome fixes available 2 of 5
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that...
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | — | Fixed | Not affected | Not affected | Not affected |
CVE-2021-34432
Medium priorityIn Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-34431
Medium prioritySome fixes available 1 of 5
In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | Not affected | Not affected | Fixed | Not affected | Not affected |
CVE-2021-28166
Medium priorityIn Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | — | Not affected | Not affected | Not affected | Not affected |
CVE-2019-11779
Medium priorityIn Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack...
1 affected packages
mosquitto
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mosquitto | — | — | — | Not affected | Not affected |