PT-2023-32224 · Eclipse+1 · Eclipse Mosquitto+1

Przemyslaw Zygmunt

Publicado

2023-10-18

Atualizado

2025-03-10

CVE-2023-5632

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Eclipse Mosquito versions 2.0.0 through 2.0.5

Description Establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results in excessive CPU consumption. This could be used by a malicious actor to perform a denial of service type attack.

Recommendations For Eclipse Mosquito versions 2.0.0 through 2.0.5, update to version 2.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the mosquitto server to minimize the risk of exploitation.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-834

Identificadores relacionados

ALT-PU-2024-12359

ALT-PU-2025-3746

CVE-2023-5632

OESA-2023-1772

OESA-2023-1773

OESA-2023-1774

Produtos afetados

Alt Linux

Eclipse Mosquitto

PT-2023-32224 · Eclipse+1 · Eclipse Mosquitto+1

CVE-2023-5632

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 42