Описание
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 1.4.12-1ubuntu0.1 |
| bionic | not-affected | 1.4.15-1 |
| devel | not-affected | 1.4.15-1 |
| esm-apps/bionic | not-affected | 1.4.15-1 |
| esm-apps/xenial | released | 1.4.8-1ubuntu0.16.04.3 |
| esm-infra-legacy/trusty | released | 0.15-2+deb7u3ubuntu0.1 |
| precise/esm | DNE | |
| trusty | released | 0.15-2+deb7u3ubuntu0.1 |
| trusty/esm | released | 0.15-2+deb7u3ubuntu0.1 |
| upstream | released | 1.4.15-1 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ...
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3