Search

Find a vulnerability

Search criteria

    2 vulnerabilities by VerneMQ

    CVE-2021-33176 (GCVE-0-2021-33176)

    Vulnerability from nvd – Published: 2021-06-08 14:31 – Updated: 2024-08-03 23:42
    VLAI
    Summary
    VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    VerneMQ vernemq Affected: <1.12.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:20.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "vernemq",
              "vendor": "VerneMQ",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.12.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T14:31:23.000Z",
            "orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
            "shortName": "SNPS"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "disclosure@synopsys.com",
              "ID": "CVE-2021-33176",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "vernemq",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c1.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VerneMQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq",
                  "refsource": "MISC",
                  "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
        "assignerShortName": "SNPS",
        "cveId": "CVE-2021-33176",
        "datePublished": "2021-06-08T14:31:23.000Z",
        "dateReserved": "2021-05-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:42:20.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33176 (GCVE-0-2021-33176)

    Vulnerability from cvelistv5 – Published: 2021-06-08 14:31 – Updated: 2024-08-03 23:42
    VLAI
    Summary
    VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    VerneMQ vernemq Affected: <1.12.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:20.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "vernemq",
              "vendor": "VerneMQ",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.12.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T14:31:23.000Z",
            "orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
            "shortName": "SNPS"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "disclosure@synopsys.com",
              "ID": "CVE-2021-33176",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "vernemq",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c1.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VerneMQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq",
                  "refsource": "MISC",
                  "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
        "assignerShortName": "SNPS",
        "cveId": "CVE-2021-33176",
        "datePublished": "2021-06-08T14:31:23.000Z",
        "dateReserved": "2021-05-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:42:20.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }