CVE-2020-13849
HIGH
MQTT 3.1.1 - Denial of Service via Keep-Alive Timeout Manipulation
Title source: llmDescription
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
References (2)
Core References
Technical Description, Third Party Advisory x_refsource_misc
https://www.mdpi.com/1424-8220/20/10/2932
Technical Description, Third Party Advisory x_refsource_misc
https://doi.org/10.3390/s20102932
Scores
CVSS v3
7.5
EPSS
0.0200
EPSS Percentile
78.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
mqtt/mqtt
3.1.1
Published
Jun 04, 2020
Tracked Since
Feb 18, 2026