
Advisory ROSA-SA-2023-2224

2023-08-29 12:18:55
ROSA LAB
abf.rosalinux.ru
Tags: mosquitto, high vulnerability, medium vulnerability, rosa-chrome, denial of service

AI Score: 6.7 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 32.1%)

software: mosquitto 2.0.15
OS: ROSA-CHROME

package_evr_string: mosquitto-2.0.15-2.src.rpm

CVE-ID: CVE-2021-34431
BDU-ID: 2022-01775
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Mosquitto message broker is related to incorrect processing of a CONNECT packet that lacks a will topic and will message while the will flag and will property are present. Exploitation of the vulnerability allows a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To fix, run the command: sudo dnf update mosquitto

CVE-ID: CVE-2021-41039
BDU-ID: 2022-03119
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Eclipse Mosquitto message broker MQTT v5 protocol implementation is associated with excessive CPU utilization. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service.
CVE-STATUS: Fixed.
CVE-REV: To fix, run the command: sudo dnf update mosquitto

OS    Version  Architecture  Package    Version   Filename
ROSA  any      noarch        mosquitto  < 2.0.15  UNKNOWN
