CVE-2021-41039

2021-12-0100:00:00

ubuntu.com

cve-2021-41039

excessive cpu usage

loss of performance

denial of service

mqtt v5 client

eclipse mosquitto

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.3%

JSON

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client
connecting with a large number of user-property properties could cause
excessive CPU usage, leading to a loss of performance and possible denial
of service.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchmosquitto< 1.6.9-1ubuntu0.1~esm1UNKNOWN
ubuntu22.04noarchmosquitto< 2.0.11-1ubuntu1.1UNKNOWN