CVE-2021-41039

Published: 12/1/2021 Last updated: 8/4/2024 Reserved: 9/13/2021

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.

CNA assigner: eclipse (e51fbebd-6053-4e49-959f-1b94eeb69a2c) Requested by: n/a

Opam packages affected (1)

conf-libmosquitto

Products affected (1)

Product	Vendor	Version
Eclipse Mosquitto	The Eclipse Foundation	20.6.4

References (4)

https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
https://www.debian.org/security/2023/dsa-5511
https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
https://www.debian.org/security/2023/dsa-5511

Credits (1)

This issue was discovered and reported by Zhanxiang Song, Bin Yuan, DeQing Zou, Hai Jin, Huazhong Univ. of Sci. & Tech.; Luyi Xing, IU; Yan Jia, Nankai University