CVE-2023-5632

{"id": "CVE-2023-5632", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "emo@eclipse.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-10-18T09:15:10.080", "references": [{"url": "https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d", "tags": ["Patch"], "source": "emo@eclipse.org"}, {"url": "https://github.com/eclipse/mosquitto/pull/2053", "tags": ["Issue Tracking"], "source": "emo@eclipse.org"}, {"url": "https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/eclipse/mosquitto/pull/2053", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-834"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-834"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6\n\n\n"}, {"lang": "es", "value": "En Eclipse Mosquito anterior a 2.0.5 incluida, establecer una conexi\u00f3n con el servidor mosquitto sin enviar datos provoca que se agregue el evento EPOLLOUT, lo que resulta en un consumo excesivo de CPU. Esto podr\u00eda ser utilizado por un actor malintencionado para realizar un ataque de tipo de denegaci\u00f3n de servicio. Este problema se solucion\u00f3 en 2.0.6."}], "lastModified": "2024-11-21T08:42:09.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9ACA0BE-573B-4295-9390-F88687C64298", "versionEndExcluding": "2.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}