Mosquitto@* Security Vulnerabilities and Issues — Mosquitto@* CVE List

Lucene search

EclipseMosquitto*

5 matches found

CVE•added 2021/07/27 4:15 p.m.•97 views

CVE-2021-34432

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.

7.5CVSS7.3AI score0.00344EPSS

CVE•added 2021/08/30 8:15 p.m.•96 views

CVE-2021-34434

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.

5.3CVSS5.3AI score0.00279EPSS

CVE•added 2021/07/22 2:15 p.m.•89 views

CVE-2021-34431

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.

6.5CVSS6.2AI score0.00371EPSS

CVE•added 2021/12/01 8:15 p.m.•73 views

CVE-2021-41039

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.

7.5CVSS7.2AI score0.00225EPSS

CVE•added 2021/04/07 7:15 p.m.•66 views

CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.

6.5CVSS6.2AI score0.00624EPSS