What is CVE-2021-41039?

CVE-2021-41039 is a vulnerability in The Eclipse Foundation Mosquitto, classified under CWE-1050. Published 2021-12-01.

Is CVE-2021-41039 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in The Eclipse Foundation Mosquitto

CVE-2021-41039

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.

EPSS: 0.003 (48.5th percentile) — read the EPSS interpretation.

Affected products

The Eclipse Foundation Mosquitto — versions 1.6, unspecified

Weakness classification (CWE)

CWE-1050

Public proof-of-concept exploits

FyneWix/SIOT

References

bugs.eclipse.org/bugs/show_bug.cgi
DSA-5511 (vendor-advisory)

Frequently asked questions

What is CVE-2021-41039?: CVE-2021-41039 is a vulnerability in The Eclipse Foundation Mosquitto, classified under CWE-1050. Published 2021-12-01.
Is CVE-2021-41039 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.