CVE-2021-34431

MEDIUM

Eclipse Mosquitto < 2.0.10 - Memory Leak

Title source: rule

Description

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.

References (1)

[Mailing List, Vendor Advisory] https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191

Scores

CVSS v3 6.5

EPSS 0.0037

EPSS Percentile 58.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (1)

eclipse/mosquitto < 2.0.10

Timeline

Published Jul 22, 2021

Tracked Since Feb 18, 2026