Excessive Platform Resource Consumption within a Loop

CVE-2021-41039

High

7.5/10

Summary

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1050 - Excessive Platform Resource Consumption within a Loop

The software has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.

References

Advisory
Issue
Release Note

Advisory Timeline

Published Dec 01, 2021

Excessive Platform Resource Consumption within a Loop

CVE-2021-41039

Summary

CWE-1050 - Excessive Platform Resource Consumption within a Loop

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS