Lucene search

K
redosRedosROS-20240527-02
HistoryMay 27, 2024 - 12:00 a.m.

ROS-20240527-02

2024-05-2700:00:00
redos.red-soft.ru
4
mosquitto
message broker
vulnerability
denial of service
memory allocation
untrusted value
unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0

Percentile

13.2%

A vulnerability in the CONNECT v5 component of the Mosquitto message broker is related to a lack of memory release
after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
remotely to cause a denial of service

A vulnerability in the CONNECT component of the Mosquitto message broker is related to memory allocation based on an
an untrusted value of large size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
remotely to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64mosquitto<= 2.0.16-2UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0

Percentile

13.2%