N/A

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.

N/A

在移除最后引用时对内存的释放不恰当(内存泄露)

Eclipse Mosquitto 安全漏洞

Eclipse Mosquitto是Eclipse基金会的一套开源的消息代理软件。 Eclipse Mosquitto version 1.6至2.0.10版本存在安全漏洞，经过身份验证的客户机向代理发送了一条精心制作的CONNECT消息，就会发生内存泄漏，这可以用来对代理提供DoS攻击。

N/A

N/A