Lucene search

K
osvGoogleOSV:USN-6492-1
HistoryNov 21, 2023 - 3:23 p.m.

mosquitto vulnerabilities

2023-11-2115:23:51
Google
osv.dev
5
mosquitto
denial of service
authorisation bypass
input handling
ubuntu lts
cve

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

54.8%

Kathrin Kleinhammer discovered that Mosquitto incorrectly handled certain
inputs. If a user or an automated system were provided with a specially crafted
input, a remote attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-34431)

Zhanxiang Song discovered that Mosquitto incorrectly handled certain inputs. If
a user or an automated system were provided with a specially crafted input, a
remote attacker could possibly use this issue to cause an authorisation bypass.
This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2021-34434)

Zhanxiang Song, Bin Yuan, DeQing Zou, and Hai Jin discovered that Mosquitto
incorrectly handled certain inputs. If a user or an automated system were
provided with a specially crafted input, a remote attacker could possibly use
this issue to cause a denial of service. This issue only affected Ubuntu 20.04
LTS and Ubuntu 22.04 LTS. (CVE-2021-41039)

Zhengjie Du discovered that Mosquitto incorrectly handled certain inputs. If a
user or an automated system were provided with a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2023-0809)

It was discovered that Mosquitto incorrectly handled certain inputs. If a user
or an automated system were provided with a specially crafted input, a remote
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-3592)

Mischa Bachmann discovered that Mosquitto incorrectly handled certain inputs.
If a user or an automated system were provided with a specially crafted input,
a remote attacker could possibly use this issue to cause a denial of service.
This issue was only fixed in Ubuntu 22.04 LTS and Ubuntu 23.04.
(CVE-2023-28366)

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

54.8%