CVE-2021-33176

HIGH

VerneMQ MQTT Broker <1.12.0 - DoS

Title source: llm

Description

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.

References (1)

[Third Party Advisory] https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq

Scores

CVSS v3 7.5

EPSS 0.0041

EPSS Percentile 61.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-502 CWE-770

Status published

Affected Products (1)

octavolabs/vernemq < 1.12.0

Timeline

Published Jun 08, 2021

Tracked Since Feb 18, 2026