Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unconditionally adding an event to the epoll causes excessive CPU consumption
Vulnerability Description
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
过度迭代
Vulnerability Title
Eclipse Mosquitto 安全漏洞
Vulnerability Description
Eclipse Mosquitto是Eclipse基金会的一套开源的消息代理软件。 Eclipse Mosquitto 2.0.5及之前版本存在安全漏洞,该漏洞源于当建立与mosquitto服务器连接而不发送数据时会导致添加EPOLLOUT事件,从而导致CPU消耗过多,攻击者利用该漏洞可能执行拒绝服务类型的攻击。
CVSS Information
N/A
Vulnerability Type
N/A