Eclipse · Eclipse Mosquitto · CVE-2023-5632
**Name of the Vulnerable Software and Affected Versions**
Eclipse Mosquito versions 2.0.0 through 2.0.5
**Description**
Establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results in excessive CPU consumption. This could be used by a malicious actor to perform a denial of service type attack.
**Recommendations**
For Eclipse Mosquito versions 2.0.0 through 2.0.5, update to version 2.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the mosquitto server to minimize the risk of exploitation.