CVE-2021-33176

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-33176
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33176.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-33176
Published
2021-06-08T15:15:07Z
Modified
2025-01-14T09:16:01.667582Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.

References

Affected packages

Git / github.com/vernemq/vernemq

Affected ranges

Type
GIT
Repo
https://github.com/vernemq/vernemq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.11.0
0.11.1
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.12.5p1
0.12.5p2
0.12.5p3
0.12.5p4
0.12.5p5
0.13.1
0.14.1
0.14.2
0.15.1
0.15.2
0.15.3
0.9.4

1.*

1.0.0
1.0.0rc1
1.0.0rc2
1.0.1
1.1.0
1.1.1
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.4.1
1.10.5
1.11.0
1.12.0-rc.1
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.9.0
1.9.1
1.9.2