PT-2023-32224 · Eclipse+1 · Eclipse Mosquitto+1

Przemyslaw Zygmunt +2 · Published 2023-10-18 · Updated 2025-03-10 · CVE-2023-5632

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Eclipse Mosquitto versions 2.0.0 through 2.0.5

Description

Establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results in excessive CPU consumption. A malicious actor could use this to perform a denial-of-service attack.

Recommendations

For Eclipse Mosquitto versions 2.0.0 through 2.0.5, update to version 2.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the mosquitto server to minimize the risk of exploitation.
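
Why a registered EPOLLOUT on an idle connection burns CPU, shown as an added example that is not Mosquitto's code: on Linux, a connected socket with free send-buffer space is always writable, so `epoll_wait()` returns at once on every call instead of sleeping. It assumes level-triggered epoll (the epoll default) and uses a local `socketpair()` as a stand-in for the idle client connection; `count_wakeups` is a hypothetical helper name.

```c
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Register one end of an idle, connected socket pair with `mask` and call
 * epoll_wait() `rounds` times with a 10 ms timeout. Returns how many calls
 * reported an event instead of timing out, or -1 on setup failure.
 * The peer never sends data and never closes during the measurement. */
static int count_wakeups(unsigned int mask, int rounds)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;

    int ep = epoll_create1(0);
    if (ep < 0) {
        close(sv[0]); close(sv[1]);
        return -1;
    }

    struct epoll_event ev = { .events = mask, .data.fd = sv[0] };
    if (epoll_ctl(ep, EPOLL_CTL_ADD, sv[0], &ev) < 0) {
        close(ep); close(sv[0]); close(sv[1]);
        return -1;
    }

    int wakeups = 0;
    for (int i = 0; i < rounds; i++) {
        struct epoll_event out;
        /* A healthy idle loop sleeps here until the timeout expires. */
        if (epoll_wait(ep, &out, 1, 10) > 0)
            wakeups++;
    }

    close(ep); close(sv[0]); close(sv[1]);
    return wakeups;
}

int main(void)
{
    /* Idle connection, read interest only: the loop sleeps. */
    printf("EPOLLIN only:     %d/20 wakeups\n", count_wakeups(EPOLLIN, 20));
    /* Same idle connection with EPOLLOUT added: every call returns at once. */
    printf("EPOLLIN|EPOLLOUT: %d/20 wakeups\n",
           count_wakeups(EPOLLIN | EPOLLOUT, 20));
    return 0;
}
```

On a broker, the visible symptom of this pattern is sustained high CPU in the server process while connected clients are sending no traffic.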

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2024-12359
ALT-PU-2025-3746
CVE-2023-5632
OESA-2023-1772
OESA-2023-1773
OESA-2023-1774

Affected Products

Alt Linux
Eclipse Mosquitto