What the vulnerability does

01Description

In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.

Key dates

02Disclosure timeline

April 24, 2018 CVE published
August 5, 2024 Record updated