In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker. Reference: https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191
Created mosquitto tracking bugs for this issue: Affects: epel-all [bug 1985549] Affects: fedora-all [bug 1985548]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.