First published: Wed Dec 01 2021
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
Credit: emo@eclipse.org
Affected Software | Affected Version | How to fix |
---|---|---|
Eclipse Mosquitto | >=1.6, <=2.0.11 | |
debian/mosquitto | <=2.0.11-1 | 1.5.7-1+deb10u1, 2.0.11-1+deb11u1, 2.0.11-1.2, 2.0.11-1.2+deb12u1, 2.0.18-1 |
CVE-2021-41039 is a vulnerability in versions 1.6 to 2.0.11 of Eclipse Mosquitto that can cause excessive CPU usage and lead to a loss of performance and possible denial of service when an MQTT v5 client connects with a large number of user-property properties.
CVE-2021-41039 affects versions 1.6 to 2.0.11 of Eclipse Mosquitto, where it can cause excessive CPU usage, resulting in a loss of performance and possible denial of service.
CVE-2021-41039 has a severity rating of 7.5 (high).
To fix CVE-2021-41039, you should update Eclipse Mosquitto to a version that is not affected, such as version 2.0.18.
You can find more information about CVE-2021-41039 on the Eclipse Bugzilla website (https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314) and the Debian Security tracker (https://security-tracker.debian.org/tracker/CVE-2021-34434).
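To check how many user-property entries a client's CONNECT packet carries, which is the condition described above, the following added example parses an MQTT v5 CONNECT and counts them. It is not code from Eclipse Mosquitto or from this advisory. The function names, the sample packet and the `max_user_properties` limit are assumptions for illustration.

```python
import struct

FIXED_SIZE = {0x11: 4, 0x21: 2, 0x27: 4, 0x22: 2, 0x19: 1, 0x17: 1}  # value widths
LENGTH_PREFIXED = {0x15, 0x16}  # authentication method / authentication data
# Constructed sample: CONNECT with one session-expiry and three user properties.
SAMPLE = bytes.fromhex("1029 00044d51545405 02 003c 1a 1100000000 "
                       "26000161000131 26000162000132 26000163000133 00026331")

def read_varint(buf, pos):
    """Decode an MQTT variable byte integer; return (value, next_pos)."""
    value = 0
    for shift in range(0, 28, 7):
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("variable byte integer longer than 4 bytes")

def skip_prefixed(buf, pos):
    return pos + 2 + struct.unpack_from(">H", buf, pos)[0]  # 2-byte length prefix

def count_user_properties(packet):
    """Return the number of user-property (0x26) entries in an MQTT v5 CONNECT."""
    if packet[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    remaining, pos = read_varint(packet, 1)
    if pos + remaining > len(packet) or packet[pos:pos + 7] != b"\x00\x04MQTT\x05":
        raise ValueError("truncated packet or not MQTT v5")
    prop_len, pos = read_varint(packet, pos + 10)  # past name, version, flags, keep-alive
    end, count = pos + prop_len, 0
    while pos < end:
        ident, pos = packet[pos], pos + 1
        if ident == 0x26:  # user property: name then value, both length-prefixed
            pos, count = skip_prefixed(packet, skip_prefixed(packet, pos)), count + 1
        elif ident in FIXED_SIZE:
            pos += FIXED_SIZE[ident]
        elif ident in LENGTH_PREFIXED:
            pos = skip_prefixed(packet, pos)
        else:
            raise ValueError(f"property 0x{ident:02x} is not valid in CONNECT")
    if pos != end or end > len(packet):
        raise ValueError("property block does not match its declared length")
    return count

def connect_allowed(packet, max_user_properties):  # hypothetical policy helper
    try:
        return count_user_properties(packet) <= max_user_properties
    except (ValueError, IndexError, struct.error):
        return False  # malformed or truncated packets are refused
```

A check like this can be run over captured CONNECT packets to spot clients sending unusually many user properties while a broker is waiting to be upgraded.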