Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-34431

Опубликовано: 22 июл. 2021
Источник: ubuntu
Приоритет: medium
CVSS2: 4
CVSS3: 6.5

Описание

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

2.0.18-1
esm-apps/bionic

not-affected

code not present
esm-apps/focal

released

1.6.9-1ubuntu0.1~esm1
esm-apps/jammy

not-affected

2.0.11-1ubuntu1
esm-apps/noble

not-affected

2.0.18-1
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
focal

ignored

end of standard support, was needed
groovy

ignored

end of life

Показывать по

Ссылки на источники

4 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2021-34431

CVSS3: 6.5
nvd
больше 4 лет назад

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.

debian логотип

CVE-2021-34431

CVSS3: 6.5
debian
больше 4 лет назад

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...

github логотип

GHSA-j546-3m5x-fx7p

github
больше 3 лет назад

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.

fstec логотип

BDU:2022-01775

CVSS3: 6.5
fstec
больше 4 лет назад

Уязвимость брокера сообщений Mosquitto, связанная с неправильным освобождением памяти перед удалением последний ссылки, позволяющая нарушителю вызвать отказ в обслуживании

4 Medium

CVSS2

6.5 Medium

CVSS3