Headline
CVE-2021-41039: Invalid Bug ID
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you’ve read this important communication.
‘575314?cve=title’ is not a valid bug number nor an alias to a bug.
Please press Back and try again.
Related news
Ubuntu Security Notice 6492-1 - Kathrin Kleinhammer discovered that Mosquitto incorrectly handled certain inputs. If a user or an automated system were provided with a specially crafted input, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. Zhanxiang Song discovered that Mosquitto incorrectly handled certain inputs. If a user or an automated system were provided with a specially crafted input, a remote attacker could possibly use this issue to cause an authorisation bypass. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.
Debian Linux Security Advisory 5511-1 - Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack.