Server Crash Vulnerability in Eclipse Mosquitto Leading to Service Disruption
CVE-2021-34432
7.5 HIGH
What is CVE-2021-34432?
In versions 2.07 and earlier of Eclipse Mosquitto, a flaw exists where the server crashes when a client sends a PUBLISH packet with a topic length of zero. This vulnerability can lead to significant service disruption, affecting functionality and availability for users relying on the MQTT broker. It is essential for administrators to apply necessary updates and mitigate the risks associated with this flaw to ensure continued service reliability.
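The condition described above can be checked on the defender's side, for example in a filtering proxy or when reviewing captured broker traffic. The following is an added example, not code from Eclipse Mosquitto or from this advisory; the function names and the sample packets are constructed for illustration.

```python
import struct

PUBLISH = 3  # MQTT control packet type, high nibble of the first byte


def decode_remaining_length(buf, pos=1):
    """Decode MQTT's variable-length 'remaining length'; return (value, next_pos)."""
    value, shift = 0, 0
    for i in range(4):  # the spec caps the field at four bytes
        if pos + i >= len(buf):
            raise ValueError("truncated remaining-length field")
        byte = buf[pos + i]
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos + i + 1
        shift += 7
    raise ValueError("remaining-length field longer than four bytes")


def classify_packet(buf):
    """Return 'not-publish', 'ok', 'zero-length-topic' or 'malformed' for one packet."""
    if len(buf) < 2:
        return "malformed"
    if buf[0] >> 4 != PUBLISH:
        return "not-publish"
    try:
        remaining, pos = decode_remaining_length(buf)
    except ValueError:
        return "malformed"
    body = buf[pos:pos + remaining]
    if len(body) != remaining or remaining < 2:
        return "malformed"
    (topic_len,) = struct.unpack_from(">H", body, 0)  # 2-byte big-endian topic length
    if topic_len == 0:
        return "zero-length-topic"
    if 2 + topic_len > remaining:
        return "malformed"
    return "ok"


# Constructed sample packets (not captured traffic).
SAMPLES = {
    "normal": bytes([0x30, 0x07, 0x00, 0x03]) + b"a/b" + b"hi",
    "empty_topic": bytes([0x30, 0x02, 0x00, 0x00]),
    "truncated": bytes([0x30, 0x05, 0x00]),
}

if __name__ == "__main__":
    print({name: classify_packet(pkt) for name, pkt in SAMPLES.items()})
```

MQTT v5 permits a zero-length topic name when a Topic Alias property is present, so a `zero-length-topic` result marks a packet for review rather than proving malicious intent.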
Affected Version(s)
Eclipse Mosquitto <= 2.07
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved