Eclipse · Eclipse Mosquitto · CVE-2021-41039
**Name of the Vulnerable Software and Affected Versions**
Eclipse Mosquitto versions 1.6 through 2.0.11
**Description**
The issue lies in how Eclipse Mosquitto handles MQTT v5 properties. An MQTT v5 client that connects with a CONNECT packet carrying a large number of `user-property` (identifier 0x26) properties causes the broker to spend excessive CPU time processing them, degrading service for every other client and allowing a remote attacker to cause a denial of service. Because the properties sit in the CONNECT variable header, they are parsed before the broker has evaluated any credentials, so requiring authentication does not block the attack; only reachability of the listener matters.
**Recommendations**
Upgrade to Eclipse Mosquitto 2.0.12 or later, which the upstream changelog lists as containing the fix for this CVE. Where an upgrade is not immediately possible, the closest configuration control in the affected versions is `max_packet_size` in mosquitto.conf: the broker rejects any incoming packet larger than this value, which indirectly bounds the number of `user-property` entries a CONNECT packet can carry (each entry costs at least 7 bytes, so a limit of a few kilobytes caps the count in the hundreds rather than the tens of thousands). Set it to the smallest value your legitimate clients' packets fit in. Since the CONNECT packet is processed before authentication, also restrict network access to the broker's listeners (bind addresses, firewall rules, VPN) so that only trusted clients can reach them; access controls enforced after CONNECT do not help.
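To make the packet anatomy behind this advisory concrete, the following added example (not Mosquitto's code, and not an exploit against a broker) builds an MQTT v5 CONNECT packet carrying N `user-property` pairs exactly as the specification encodes them, parses it back to count the properties, and applies the size check that a `max_packet_size` style limit performs. The property sizes and the sample client ID and key/value strings are constructed for the example.

```python
"""Added example: MQTT v5 CONNECT with many User Properties (0x26).

Not Mosquitto code. Demonstrates how user-property entries are encoded,
how a receiver walks the CONNECT property block, and how a packet-size
limit bounds the number of properties that can be smuggled in.
"""

USER_PROPERTY = 0x26
# CONNECT properties with a fixed payload size (identifier -> byte count).
FIXED_SIZE_PROPS = {0x11: 4, 0x21: 2, 0x27: 4, 0x22: 2, 0x19: 1, 0x17: 1}
# Authentication Method (UTF-8 string) and Authentication Data (binary);
# both carry a 2-byte big-endian length prefix.
LENGTH_PREFIXED_PROPS = {0x15, 0x16}


def encode_vbi(n):
    """MQTT Variable Byte Integer: 7 data bits per byte, MSB set = more follows."""
    if not 0 <= n <= 268_435_455:
        raise ValueError("value out of range for a Variable Byte Integer")
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        if n:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def decode_vbi(buf, pos):
    """Return (value, position after the integer). At most 4 bytes."""
    value, multiplier = 0, 1
    for _ in range(4):
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos
        multiplier *= 128
    raise ValueError("malformed Variable Byte Integer")


def encode_utf8(s):
    """MQTT UTF-8 Encoded String: 2-byte big-endian length + bytes."""
    data = s.encode("utf-8")
    if len(data) > 0xFFFF:
        raise ValueError("string too long for MQTT")
    return len(data).to_bytes(2, "big") + data


def decode_utf8(buf, pos):
    n = int.from_bytes(buf[pos:pos + 2], "big")
    pos += 2
    return buf[pos:pos + n].decode("utf-8"), pos + n


def build_connect(client_id, user_props, keep_alive=60):
    """Build an MQTT v5 CONNECT packet; user_props is a list of (key, value)."""
    props = b"".join(
        bytes([USER_PROPERTY]) + encode_utf8(k) + encode_utf8(v) for k, v in user_props
    )
    variable_header = (
        encode_utf8("MQTT")             # protocol name
        + bytes([5])                    # protocol level: MQTT v5
        + bytes([0x02])                 # connect flags: clean start only
        + keep_alive.to_bytes(2, "big")
        + encode_vbi(len(props)) + props
    )
    payload = encode_utf8(client_id)    # no will, username or password
    body = variable_header + payload
    return bytes([0x10]) + encode_vbi(len(body)) + body


def count_user_properties(packet):
    """Walk a CONNECT packet's property block and count 0x26 entries."""
    if packet[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    remaining, pos = decode_vbi(packet, 1)
    if pos + remaining != len(packet):
        raise ValueError("remaining length does not match packet size")
    name, pos = decode_utf8(packet, pos)
    if name != "MQTT" or packet[pos] != 5:
        raise ValueError("not an MQTT v5 CONNECT")
    pos += 1 + 1 + 2                    # protocol level, connect flags, keep alive
    props_len, pos = decode_vbi(packet, pos)
    end = pos + props_len
    count = 0
    while pos < end:                    # every entry costs CPU in the receiver
        ident = packet[pos]
        pos += 1
        if ident == USER_PROPERTY:
            _, pos = decode_utf8(packet, pos)
            _, pos = decode_utf8(packet, pos)
            count += 1
        elif ident in FIXED_SIZE_PROPS:
            pos += FIXED_SIZE_PROPS[ident]
        elif ident in LENGTH_PREFIXED_PROPS:
            pos += 2 + int.from_bytes(packet[pos:pos + 2], "big")
        else:
            raise ValueError("unknown CONNECT property 0x%02x" % ident)
    if pos != end:
        raise ValueError("property block length mismatch")
    return count


def within_max_packet_size(packet, max_packet_size):
    """The check a broker-side packet-size limit performs: reject oversize packets."""
    return len(packet) <= max_packet_size


if __name__ == "__main__":
    # Constructed sample: a one-character client ID and 1000 one-byte key/value pairs.
    flood = build_connect("c", [("k", "v")] * 1000)
    print(len(flood), "bytes,", count_user_properties(flood), "user properties")
    print("accepted under a 1024-byte limit:", within_max_packet_size(flood, 1024))
```

Each minimal `user-property` entry costs 7 bytes (1 identifier, two 2-byte lengths, two 1-byte strings), so the 1000-entry sample is about 7 KiB and a 1024-byte `max_packet_size` rejects it outright, while a CONNECT with no properties is 16 bytes and passes. A real parser would also enforce the MQTT rule that properties other than `user-property` must not repeat; that check is omitted here because it is not what the advisory describes.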