Описание
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 1.4.15-2ubuntu0.18.04.3 |
| cosmic | released | 1.4.15-2ubuntu0.18.10.3 |
| devel | not-affected | 1.5.4-1 |
| disco | not-affected | 1.5.4-1 |
| eoan | not-affected | 1.5.4-1 |
| esm-apps/bionic | released | 1.4.15-2ubuntu0.18.04.3 |
| esm-apps/focal | not-affected | 1.5.4-1 |
| esm-apps/jammy | not-affected | 1.5.4-1 |
| esm-apps/noble | not-affected | 1.5.4-1 |
Показывать по
EPSS
3.5 Low
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
The Eclipse Mosquitto broker up to version 1.4.15 does not reject stri ...
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.
EPSS
3.5 Low
CVSS2
5.3 Medium
CVSS3