CVE-2023-0809
Summary
| CVE | CVE-2023-0809 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-02 19:15:00 UTC |
| Updated | 2024-01-07 10:15:00 UTC |
| Description | In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. |
Risk And Classification
Problem Types: CWE-770
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Version 2.0.16 released. \| Eclipse Mosquitto | MISC | mosquitto.org | |
| security.gentoo.org/glsa/202401-09 | security.gentoo.org | | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199931 Ubuntu Security Notification for Mosquitto Vulnerabilities (USN-6492-1)
- 242923 Red Hat Update for Satellite 6.14.2 (RHSA-2024:0797)
- 242993 Red Hat Update for Satellite 6 (RHSA-2024:1061)
- 285295 Fedora Security Update for mosquitto (FEDORA-2023-9adc4be8b0)
- 378973 IBM Integration Bus Denial of Service (DoS) Vulnerability (7056456)
- 505895 Alpine Linux Security Update for mosquitto
- 6000171 Debian Security Update for mosquitto (DSA 5511-1)
- 710827 Gentoo Linux Eclipse Mosquitto Multiple Vulnerabilities (GLSA 202401-09)