#VU79936 Memory leak in Eclipse Mosquitto - CVE-2023-28366


Published: August 24, 2023


Vulnerability identifier: #VU79936
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-28366
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Eclipse Mosquitto
Software vendor:
Eclipse

Description

The vulnerability allows a remote user to perform a DoS attack on the target system.

The vulnerability exists due to a memory leak in the broker. A remote client can send multiple QoS 2 messages with the same message ID and then never respond to the PUBREC commands, so the broker keeps allocating state for every message it receives, which results in a memory leak and a denial of service condition.
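As an added illustration (not Mosquitto's own code), the following simplified Python model shows the broker-side state for the QoS 2 handshake (PUBLISH, PUBREC, PUBREL, PUBCOMP): a leaky variant that allocates new state for every PUBLISH, and a hardened variant that reuses the entry for a message ID already in flight and caps unacknowledged messages per client. The names `MAX_INFLIGHT`, `receive_qos2_leaky` and `receive_qos2_fixed` are assumptions of this model, not Mosquitto identifiers or its actual fix.

```python
from dataclasses import dataclass, field

# Assumed per-client cap on unacknowledged QoS 2 messages (a modelling choice).
MAX_INFLIGHT = 20


@dataclass
class Client:
    # Hardened model: message ID -> payload awaiting the client's PUBREL.
    inflight: dict = field(default_factory=dict)
    # Leaky model: one entry per PUBLISH received, never deduplicated.
    pending: list = field(default_factory=list)


def receive_qos2_leaky(client: Client, mid: int, payload: bytes) -> str:
    """Vulnerable behaviour: every QoS 2 PUBLISH allocates fresh state, even when
    a message with the same ID is already waiting for PUBREL. A client that
    never sends PUBREL makes this list grow without bound."""
    client.pending.append((mid, payload))
    return "PUBREC"


def receive_qos2_fixed(client: Client, mid: int, payload: bytes) -> str:
    """Hardened behaviour: a repeated message ID re-acknowledges the existing
    entry without allocating, and the per-client in-flight count is bounded."""
    if mid in client.inflight:
        return "PUBREC"          # duplicate PUBLISH: resend the ack only
    if len(client.inflight) >= MAX_INFLIGHT:
        return "DROP"            # quota exhausted: allocate nothing
    client.inflight[mid] = payload
    return "PUBREC"


def release(client: Client, mid: int) -> str:
    """PUBREL from the client completes the exchange and frees the state."""
    client.inflight.pop(mid, None)
    return "PUBCOMP"


def simulate(handler, mids, attr: str) -> int:
    """Feed one PUBLISH per message ID to `handler` with no PUBREL ever sent
    and return how many state entries the broker is holding afterwards."""
    client = Client()
    for mid in mids:
        handler(client, mid, b"x")
    return len(getattr(client, attr))


if __name__ == "__main__":
    same_id = [1] * 1000  # constructed input: 1000 PUBLISHes with message ID 1
    print("leaky entries:", simulate(receive_qos2_leaky, same_id, "pending"))  # 1000
    print("fixed entries:", simulate(receive_qos2_fixed, same_id, "inflight"))  # 1
```

Note that detection on the broker side reduces to the same measurement as `simulate`: per-client in-flight QoS 2 state that only grows while PUBREL never arrives.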


Remediation

Install updates from the vendor's website.

External links