Description

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.

Related CPE's

a

octavolabs

vernemq

Vulnerable

References

https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq

Third Party Advisory

https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-502

[email protected]

Primary
CWE-770

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-06-08T13:15:07.977Z

4 years ago

Last modified

2024-11-21T05:08:27.377Z

1 year ago