Published: 01/12/2021 Updated: 02/10/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eclipse mosquitto

Debian Bug report logs - #1001028 mosquitto: CVE-2021-41039: Possible DoS Attack caused by unlimited number of "user properties" Package: src:mosquitto; Maintainer for src:mosquitto is Roger A Light <roger@atchooorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Dec 2021 21:21:01 UTC Severity ...

Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack CVE-2021-34434 In Eclipse Mosquitto when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, t ...

NVD-CWE-Other https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314 https://www.debian.org/security/2023/dsa-5511 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001028 https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5511

CVE-2021-41039

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect