Search

Find a vulnerability

Search criteria

    2 vulnerabilities by EMQ Technologies

    CVE-2021-33175 (GCVE-0-2021-33175)

    Vulnerability from nvd – Published: 2021-06-08 14:31 – Updated: 2024-08-03 23:42
    VLAI
    Summary
    EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:20.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EMQ X Broker",
              "vendor": "EMQ Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c4.2.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T14:31:16.000Z",
            "orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
            "shortName": "SNPS"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "disclosure@synopsys.com",
              "ID": "CVE-2021-33175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EMQ X Broker",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c4.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "EMQ Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq",
                  "refsource": "MISC",
                  "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
        "assignerShortName": "SNPS",
        "cveId": "CVE-2021-33175",
        "datePublished": "2021-06-08T14:31:16.000Z",
        "dateReserved": "2021-05-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:42:20.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33175 (GCVE-0-2021-33175)

    Vulnerability from cvelistv5 – Published: 2021-06-08 14:31 – Updated: 2024-08-03 23:42
    VLAI
    Summary
    EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:20.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EMQ X Broker",
              "vendor": "EMQ Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c4.2.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T14:31:16.000Z",
            "orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
            "shortName": "SNPS"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "disclosure@synopsys.com",
              "ID": "CVE-2021-33175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EMQ X Broker",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c4.2.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "EMQ Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq",
                  "refsource": "MISC",
                  "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
        "assignerShortName": "SNPS",
        "cveId": "CVE-2021-33175",
        "datePublished": "2021-06-08T14:31:16.000Z",
        "dateReserved": "2021-05-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:42:20.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }