Candidate: CVE-2021-34432
PublicDate: 2021-07-27 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34432
 https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6
 https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141
Description:
 In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if
 the client tries to send a PUBLISH packet with topic length = 0.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_mosquitto:
upstream_mosquitto: released (2.0.8-1)
trusty_mosquitto: ignored (out of standard support)
trusty/esm_mosquitto: needs-triage
xenial_mosquitto: ignored (out of standard support)
bionic_mosquitto: needs-triage
focal_mosquitto: needs-triage
hirsute_mosquitto: not-affected (2.0.10-3)
impish_mosquitto: not-affected
jammy_mosquitto: not-affected
devel_mosquitto: not-affected