CVE-2021-33176

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-33176

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33176.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-33176

Published

2021-06-08T15:15:07Z

Modified

2025-01-14T09:16:01.667582Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.

References

https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq

Affected packages

Git / github.com/vernemq/vernemq

Affected ranges

Type: GIT
Repo: https://github.com/vernemq/vernemq
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d8da843913d699d7be15694a270a11b4ebaab751

Affected versions

0.*

0.10.0

0.10.1

0.11.0

0.11.1

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5

0.12.5p1

0.12.5p2

0.12.5p3

0.12.5p4

0.12.5p5

0.13.1

0.14.1

0.14.2

0.15.1

0.15.2

0.15.3

0.9.4

1.*

1.0.0

1.0.0rc1

1.0.0rc2

1.0.1

1.1.0

1.1.1

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.4.1

1.10.5

1.11.0

1.12.0-rc.1

1.2.0

1.2.1

1.2.2

1.2.3

1.3.0

1.4.0

1.5.0

1.6.0

1.7.0

1.8.0

1.9.0

1.9.1

1.9.2