Описание
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of Apache Camel for Spring Boot 3 | mosquitto | Not affected | ||
| Red Hat Integration Camel K 1 | mosquitto | Not affected | ||
| Red Hat Satellite 6.13 for RHEL 8 | mosquitto | Fixed | RHSA-2024:1061 | 29.02.2024 |
| Red Hat Satellite 6.13 for RHEL 8 | mosquitto | Fixed | RHSA-2024:1061 | 29.02.2024 |
| Red Hat Satellite 6.14 for RHEL 8 | mosquitto | Fixed | RHSA-2024:0797 | 13.02.2024 |
| Red Hat Satellite 6.14 for RHEL 8 | mosquitto | Fixed | RHSA-2024:0797 | 13.02.2024 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 ...
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
Уязвимость компонента CONNECT v5 брокера сообщений Eclipse Mosquitto, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3