CVE-2021-41039
In short
A bug in Eclipse Mosquitto allows someone connecting as an MQTT v5 client to send a message with many user properties, which causes the server to use excessive CPU and become slow or unresponsive.
Technical detail
An MQTT v5 client can trigger high CPU consumption by connecting with a large number of user-property attributes, leading to performance degradation and potential denial of service. This affects Mosquitto versions 1.6 to 2.0.11 and requires no authentication or special conditions to trigger.
Summary generated and translated by AI from the official description.
In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.
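As a defensive illustration added here (not code from Mosquitto or from the official advisory), a proxy or packet inspector in front of the broker could count the user properties in an MQTT v5 CONNECT packet and flag clients that exceed a limit. The function names, the constructed sample packet and the default limit of 32 are assumptions.

```python
USER_PROPERTY = 0x26
FIXED_SIZE = {0x11: 4, 0x21: 2, 0x27: 4, 0x22: 2, 0x19: 1, 0x17: 1}  # other ids -> value bytes
LENGTH_PREFIXED = {0x15, 0x16}  # authentication method / authentication data

# Constructed sample: CONNECT carrying a session expiry and two user properties (k=v)
SAMPLE_CONNECT = bytes.fromhex("1022" "00044d51545405" "02" "003c" "13" "110000000a"
                               "2600016b000176" "2600016b000176" "00026331")

def read_varint(buf, pos):
    """Decode an MQTT variable byte integer; return (value, next_pos)."""
    value = 0
    for shift in (0, 7, 14, 21):
        if pos >= len(buf):
            raise ValueError("truncated packet")
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("malformed variable byte integer")

def skip_prefixed(buf, pos):
    """Return the offset just past one 2-byte-length-prefixed field."""
    return pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")

def count_connect_user_properties(packet):
    """Return the number of user properties in an MQTT v5 CONNECT packet."""
    if packet[:1] != b"\x10":
        raise ValueError("not a CONNECT packet")
    remaining, pos = read_varint(packet, 1)
    if pos + remaining > len(packet) or packet[pos:pos + 7] != b"\x00\x04MQTT\x05":
        raise ValueError("truncated or not MQTT v5")
    prop_len, pos = read_varint(packet, pos + 10)  # skip name, level, flags, keep alive
    end, count = pos + prop_len, 0
    if end > len(packet):
        raise ValueError("property length exceeds packet")
    while pos < end:
        prop_id, pos = packet[pos], pos + 1
        if prop_id == USER_PROPERTY:  # name/value pair of UTF-8 strings
            pos, count = skip_prefixed(packet, skip_prefixed(packet, pos)), count + 1
        elif prop_id in FIXED_SIZE:
            pos += FIXED_SIZE[prop_id]
        elif prop_id in LENGTH_PREFIXED:
            pos = skip_prefixed(packet, pos)
        else:
            raise ValueError(f"unexpected CONNECT property 0x{prop_id:02x}")
    if pos != end:
        raise ValueError("property overruns declared length")
    return count

def exceeds_user_property_limit(packet, limit=32):  # limit is an assumed policy value
    return count_connect_user_properties(packet) > limit
```

Only the CONNECT properties block is inspected; will properties in the payload are not counted.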
Affected products
The Eclipse Foundation · Eclipse Mosquitto