PT-2026-41677 · Tinymqtt · Tinymqtt

Published 2026-05-18 · Updated 2026-05-18 · CVE-2025-56352

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

tinyMQTT (affected versions not specified)

Description

The broker mishandles protocol violations during the parsing of CONNECT packets. When a CONNECT packet is received with a zero-length Client ID and CleanSession is set to 0, the broker returns a CONNACK return code 0x02 (Identifier Rejected) but does not close the TCP connection. Because the connection teardown logic is not guaranteed to execute, each invalid attempt leaves the underlying socket open. This can lead to server-side resource exhaustion through the accumulation of memory and file descriptors, potentially resulting in a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
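For maintainers reviewing their own CONNECT handling, the sketch below is an added example (not tinyMQTT's code; all function names are hypothetical) of the behaviour MQTT 3.1.1 expects for the case in the description: send CONNACK 0x02, then close the connection on the same code path. It assumes the whole CONNECT packet is already buffered and validates only the fields up to the Client ID length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Added example; names are hypothetical. Will/username fields are not validated. */
enum { CONNACK_ACCEPTED = 0x00, CONNACK_BAD_PROTO = 0x01, CONNACK_ID_REJECTED = 0x02 };

/* Returns the CONNACK return code for a complete MQTT 3.1.1 CONNECT packet,
 * or -1 if it is malformed and must be dropped without a CONNACK. */
int connect_return_code(const uint8_t *p, size_t n)
{
    static const uint8_t name[6] = {0x00, 0x04, 'M', 'Q', 'T', 'T'};
    size_t i = 1, rem = 0, cid_len;
    int shift = 0;
    uint8_t flags;
    if (n < 2 || p[0] != 0x10) return -1;
    do {                                /* Remaining Length: 1-4 bytes, 7 bits each */
        if (i >= n || shift > 21) return -1;
        rem |= (size_t)(p[i] & 0x7F) << shift;
        shift += 7;
    } while (p[i++] & 0x80);
    if (rem != n - i || rem < 12) return -1;   /* header(10) + Client ID length(2) */
    if (memcmp(p + i, name, sizeof name) != 0) return -1;
    if (p[i + 6] != 0x04) return CONNACK_BAD_PROTO;
    flags = p[i + 7];
    if (flags & 0x01) return -1;               /* reserved bit must be 0 */
    cid_len = ((size_t)p[i + 10] << 8) | p[i + 11];
    if (cid_len > rem - 12) return -1;
    /* Empty Client ID is only acceptable together with CleanSession = 1 (bit 1). */
    if (cid_len == 0 && !(flags & 0x02)) return CONNACK_ID_REJECTED;
    return CONNACK_ACCEPTED;
}

/* Sends the CONNACK if one is due and closes fd on every non-accepted path,
 * so a rejected client never keeps a descriptor. Returns 1 if fd stays open. */
int handle_connect(int fd, const uint8_t *p, size_t n)
{
    int rc = connect_return_code(p, n);
    if (rc >= 0) {
        uint8_t ack[4] = {0x20, 0x02, 0x00, (uint8_t)rc};
        if (write(fd, ack, sizeof ack) != (ssize_t)sizeof ack) rc = -1;
    }
    if (rc != CONNACK_ACCEPTED) {
        close(fd);
        return 0;
    }
    return 1;
}
```

Keeping the close in the same function as the reject decision means no later state-machine step has to run for the socket to be released.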

Exploit

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2025-56352

Affected Products

Tinymqtt