CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
60.9%
Kathrin Kleinhammer discovered that Mosquitto incorrectly handled certain
inputs. If a user or an automated system were provided with a specially crafted
input, a remote attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-34431)
Zhanxiang Song discovered that Mosquitto incorrectly handled certain inputs. If
a user or an automated system were provided with a specially crafted input, a
remote attacker could possibly use this issue to cause an authorisation bypass.
This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2021-34434)
Zhanxiang Song, Bin Yuan, DeQing Zou, and Hai Jin discovered that Mosquitto
incorrectly handled certain inputs. If a user or an automated system were
provided with a specially crafted input, a remote attacker could possibly use
this issue to cause a denial of service. This issue only affected Ubuntu 20.04
LTS and Ubuntu 22.04 LTS. (CVE-2021-41039)
Zhengjie Du discovered that Mosquitto incorrectly handled certain inputs. If a
user or an automated system were provided with a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2023-0809)
It was discovered that Mosquitto incorrectly handled certain inputs. If a user
or an automated system were provided with a specially crafted input, a remote
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-3592)
Mischa Bachmann discovered that Mosquitto incorrectly handled certain inputs.
If a user or an automated system were provided with a specially crafted input,
a remote attacker could possibly use this issue to cause a denial of service.
This issue was only fixed in Ubuntu 22.04 LTS and Ubuntu 23.04.
(CVE-2023-28366)
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
60.9%