CVE-2021-28166

Опубликовано: 07 апр. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

Ссылки

https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608
Issue Tracking
Patch
Vendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.0.9 (включая)

EPSS

Процентиль: 70%

0.00624

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2021-28166

CVSS3: 6.5

ubuntu

почти 5 лет назад

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

CVE-2021-28166

CVSS3: 6.5

debian

почти 5 лет назад

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...

GHSA-3647-h3m7-326w

github

больше 3 лет назад

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

EPSS

Процентиль: 70%

0.00624

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-476