CVE-2021-34431

Published: 7/22/2021 Last updated: 8/4/2024 Reserved: 6/9/2021

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.

CNA assigner: eclipse (e51fbebd-6053-4e49-959f-1b94eeb69a2c) Requested by: n/a

Opam packages affected (1)

conf-libmosquitto

Products affected (1)

Product	Vendor	Version
Eclipse Mosquitto	The Eclipse Foundation	< 6.0.6003.23070

References (2)

https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191
https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191

Credits (1)

Thanks to Kathrin Kleinhammer of OTARIS Interactive Services GmbH for discovering and reporting this issue.