) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:eclipse:mosquitto:1.5.9:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-5632 |
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6 Published: October 18, 2023; 5:15:10 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-3592 |
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. Published: October 02, 2023; 4:15:10 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-0809 |
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. Published: October 02, 2023; 3:15:09 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2023-28366 |
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. Published: September 01, 2023; 12:15:07 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2021-34432 |
In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0. Published: July 27, 2021; 12:15:07 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |