CVE-2021-34431

Summary

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Mosquitto1.6 < unspecifiedaffected
The Eclipse FoundationEclipse Mosquittounspecified <= 2.0.10affected

Weaknesses

  • CWE-401: CWE-401: Missing Release of Memory after Effective Lifetime

ADP Enrichment

CVE Program Container

Additional References

References