Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-0809
HistoryOct 02, 2023 - 12:00 a.m.

CVE-2023-0809

2023-10-0200:00:00
ubuntu.com
ubuntu.com
9
cve-2023-0809
mosquitto
memory allocation

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

EPSS

0

Percentile

13.2%

In Mosquitto before 2.0.16, excessive memory is allocated based on
malicious initial packets that are not CONNECT packets.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchmosquitto< 1.6.9-1ubuntu0.1~esm1UNKNOWN
ubuntu22.04noarchmosquitto< 2.0.11-1ubuntu1.1UNKNOWN
ubuntu23.04noarchmosquitto< 2.0.11-1.2ubuntu0.1UNKNOWN

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

EPSS

0

Percentile

13.2%