Lucene search

K
cvelistEclipseCVELIST:CVE-2023-0809
HistoryOct 02, 2023 - 6:56 p.m.

CVE-2023-0809

2023-10-0218:56:26
CWE-789
eclipse
www.cve.org
7
mosquitto
memory allocation
vulnerability

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

AI Score

6.6

Confidence

High

EPSS

0

Percentile

13.2%

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Mosquitto",
    "vendor": "Eclipse",
    "versions": [
      {
        "lessThan": "2.0.16",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

AI Score

6.6

Confidence

High

EPSS

0

Percentile

13.2%