CVE-2021-34432: Input Validation
First published: Tue Jul 27 2021(Updated: )
In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Mosquitto | <=2.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-34432?
CVE-2021-34432 is a vulnerability in Eclipse Mosquitto versions 2.07 and earlier that can cause the server to crash if the client sends a PUBLISH packet with topic length = 0.
How can CVE-2021-34432 affect me?
If you are using an affected version of Eclipse Mosquitto, an attacker can crash your server by sending a PUBLISH packet with a topic length of 0.
What is the severity of CVE-2021-34432?
CVE-2021-34432 has a severity score of 7.5 out of 10, indicating a high severity vulnerability.
How can I fix CVE-2021-34432?
To fix CVE-2021-34432, you should upgrade to a version of Eclipse Mosquitto that is not affected, such as version 2.0.8 or later.
Where can I find more information about CVE-2021-34432?
You can find more information about CVE-2021-34432 in the official bug report at https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141.
- collector/nvd-index
- vendor/eclipse
- canonical/eclipse mosquitto
- version/eclipse mosquitto/2.0.7