CVE-2021-28166

Name: CVE-2021-28166
Description: In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.
NVD Severity: medium

References

Type            URI
Issue Tracking  https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608

Match rules

CPE URI                                      Source package  Min version  Max version
cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*  mosquitto       >= 2.0.0     <= 2.0.9

Vulnerable and fixed packages

Source package  Branch  Version  Maintainer  Status