NULL Pointer Dereference Affecting mosquitto package, versions <2.0.10
Snyk CVSS
- Attack Complexity: Low
- Availability: High
Threat Intelligence
- Exploit Maturity: Mature
- EPSS: 0.05% (20th percentile)
- Snyk ID SNYK-COCOAPODS-MOSQUITTO-1244070
- published 8 Apr 2021
- disclosed 8 Apr 2021
- credit Bryan Pearson
Introduced: 8 Apr 2021
CVE-2021-28166
How to fix?
Upgrade Mosquitto to version 2.0.10 or higher.
Overview
Mosquitto is an open source implementation of a server for version 3.1 and 3.1.1 of the MQTT protocol.
Affected versions of this package are vulnerable to NULL Pointer Dereference. If an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.
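The trigger described above is a CONNACK arriving at the broker from a client. MQTT defines CONNACK (control packet type 2) as a broker-to-client packet, so seeing one in the client-to-broker direction is a usable detection signal. The following is an added example, not code from Snyk or the Mosquitto project; the function names and the sample bytes are constructed for illustration, and it assumes a reassembled, unencrypted client-to-broker byte stream.

```python
# Added example: find server-only CONNACK packets in a client-to-broker stream.
CONNACK = 2  # MQTT control packet type 2, defined as broker-to-client only


def read_remaining_length(buf, pos):
    """Decode the MQTT variable-byte integer at pos; return (value, next_pos)."""
    value, shift = 0, 0
    for i in range(4):  # the encoding uses at most 4 bytes
        if pos + i >= len(buf):
            raise ValueError("truncated remaining-length field")
        byte = buf[pos + i]
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:  # continuation bit clear: last length byte
            return value, pos + i + 1
        shift += 7
    raise ValueError("remaining-length field longer than 4 bytes")


def iter_packets(stream):
    """Yield (offset, packet_type, body_length) for each packet in the stream."""
    pos = 0
    while pos < len(stream):
        ptype = stream[pos] >> 4  # high nibble of the fixed header
        length, body = read_remaining_length(stream, pos + 1)
        if body + length > len(stream):
            raise ValueError("truncated packet at offset %d" % pos)
        yield pos, ptype, length
        pos = body + length


def find_client_connacks(client_to_broker):
    """Return offsets of CONNACK packets seen in the client-to-broker direction."""
    return [off for off, ptype, _ in iter_packets(client_to_broker)
            if ptype == CONNACK]


# Constructed sample stream: MQTT v5 CONNECT (client id "c1"),
# a well-formed CONNACK, then a PINGREQ.
SAMPLE = bytes.fromhex(
    "100f00044d5154540502003c0000026331"  # CONNECT, 17 bytes
    "20020000"                            # CONNACK, out of place here
    "c000"                                # PINGREQ
)

if __name__ == "__main__":
    for offset in find_client_connacks(SAMPLE):
        print("client sent CONNACK at stream offset", offset)
```

A hit from this check is worth alerting on regardless of broker version, since a normal MQTT client has no reason to send this packet type.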