software: mosquitto 2.0.15
WASP: ROSA-CHROME
package_evr_string: mosquitto-2.0.15-2.src.rpm
CVE-ID: CVE-2021-34431
BDU-ID: 2022-01775
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Mosquitto message broker is related to incorrect processing of a CONNECT packet without will topic, will message in the presence of will flag, will property. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mosquitto
CVE-ID: CVE-2021-41039
BDU-ID: 2022-03119
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Eclipse Mosquitto message broker MQTT v5 protocol implementation is associated with excessive CPU utilization. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service.
CVE-STATUS: Fixed.
CVE-REV: To close, run the command: sudo dnf update mosquitto