CVE-2021-28166

Опубликовано: 07 апр. 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4

CVSS3: 6.5

Описание

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	2.0.18-1
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	2.0.11-1ubuntu1
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	not-affected	code not present
focal	not-affected	code not present
groovy	ignored	end of life
hirsute	ignored	end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 70%

0.00624

Низкий

4 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-28166

CVSS3: 6.5

nvd

почти 5 лет назад

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

CVE-2021-28166

CVSS3: 6.5

debian

почти 5 лет назад

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...

GHSA-3647-h3m7-326w

github

больше 3 лет назад

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

EPSS

Процентиль: 70%

0.00624

Низкий

4 Medium

CVSS2

6.5 Medium

CVSS3

CVE-2021-28166

Описание

Пакет mosquitto

Ссылки на источники

Связанные уязвимости