5 matches found
PT-2026-29123
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http auth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...
CVE-2024-44775
kmqtt v0.2.7 is vulnerable to Denial of Service DoS due to a Null Pointer Exception. A remote attacker can cause the broker to crash by sending a specially crafted MQTT CONNECT packet that triggers an unhandled null reference, leading to an immediate process termination...
SUSE CVE-2017-7651
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol...
CVE-2021-45937
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClientDecodePacket called from MqttClientWaitType and MqttClientConnect...
DEBIAN-CVE-2017-7651
In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol...