CVE Vulnerabilities

CVE-2021-34432

Published: Jul 27, 2021 | Modified: Aug 17, 2021

CVSS 3.x

7.5

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.x

5 MEDIUM

RedHat/V2

RedHat/V3

Ubuntu

MEDIUM

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-34432
CWE	https://cwe.mitre.org/data/definitions/.html

In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.

Affected Software

Name	Vendor	Start Version	End Version
Mosquitto	Eclipse	*	2.0.7 (including)
Mosquitto	Ubuntu	bionic	*
Mosquitto	Ubuntu	trusty	*
Mosquitto	Ubuntu	upstream	*
Mosquitto	Ubuntu	xenial	*

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.