CVE-2023-0809

Опубликовано: 02 окт. 2023

Источник: debian

EPSS Низкий

Описание

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

Пакет	Статус	Версия исправления	Релиз	Тип
mosquitto	fixed	2.0.17-1		package
mosquitto	not-affected		buster	package

https://mosquitto.org/blog/2023/08/version-2-0-16-released/
Fixed by https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad

EPSS

Процентиль: 8%

0.00029

Низкий

CVE-2023-0809

CVSS3: 5.8

ubuntu

около 2 лет назад

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

CVE-2023-0809

CVSS3: 7.5

redhat

больше 2 лет назад

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

CVE-2023-0809

CVSS3: 5.8

nvd

около 2 лет назад

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

GHSA-v9xr-r3xx-x9gc

CVSS3: 5.8

github

около 2 лет назад

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

BDU:2024-04210

CVSS3: 5.8

fstec

около 2 лет назад

Уязвимость компонента CONNECT брокера сообщений Eclipse Mosquitto, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 8%

0.00029

Низкий