Lucene search

K
redhatcveRedhat.comRH:CVE-2023-3592
HistoryDec 12, 2023 - 9:54 p.m.

CVE-2023-3592

2023-12-1221:54:32
redhat.com
access.redhat.com
9
cve-2023-3592
memory leak
eclipse mosquitto
remote attacker
system resources
denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0

Percentile

13.2%

A memory leak vulnerability was found in Eclipse Mosquitto. This issue is triggered by malicious initial packets or certain client actions and may allow a remote attacker to the deplete system resources causing memory exhaustion, leading to a disruption in services and a denial of service condition.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0

Percentile

13.2%