CVE-2021-33176 - AskarLabs CVE Database

CVE-2021-33176

Vendor Vernemq

Product vernemq

Weakness CWE-502 · Unsafe deserialization

Published June 8, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.

Key dates

02Disclosure timeline

June 8, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-33176 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2026-20251 Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway CVE-2025-59328 Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data CVE-2022-36038 CircuitVerse potential RCE vulnerability via Oj.load CVE-2023-51505 WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to PHP Object Injection CVE-2025-58644 WordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection Vulnerability