Advisory ROSA-SA-2023-2224

2023-08-29 12:18:55
ROSA LAB
abf.rosalinux.ru
5
mosquitto
high vulnerability
medium vulnerability
rosa-chrome
denial of service

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.7
Confidence: High

EPSS: 0.001
Percentile: 39.4%

software: mosquitto 2.0.15
WASP: ROSA-CHROME

package_evr_string: mosquitto-2.0.15-2.src.rpm

CVE-ID: CVE-2021-34431
BDU-ID: 2022-01775
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Mosquitto message broker is caused by incorrect processing of a CONNECT packet that has the will flag and will property set but no will topic or will message. Exploitation of the vulnerability allows a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To remediate, run the command: sudo dnf update mosquitto

CVE-ID: CVE-2021-41039
BDU-ID: 2022-03119
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the MQTT v5 protocol implementation of the Eclipse Mosquitto message broker is associated with excessive CPU utilization. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed.
CVE-REV: To remediate, run the command: sudo dnf update mosquitto

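| OS | Version | Architecture | Package | Version | Filename |
|------|---------|--------------|-----------|----------|----------|
| ROSA | any | noarch | mosquitto | < 2.0.15 | UNKNOWN |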
