Description

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.

Related CPE's

a

octavolabs

vernemq

Vulnerable

References

https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-770

[email protected]

Secondary
CWE-502

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-06-08T15:15:07.977

4 years ago

Last modified

2021-06-21T13:43:44.680

4 years ago