{"id":"CVE-2023-5632","details":"In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6\n\n\n","modified":"2026-04-12T09:09:26.742933Z","published":"2023-10-18T09:15:10.080Z","references":[{"type":"REPORT","url":"https://github.com/eclipse/mosquitto/pull/2053"},{"type":"FIX","url":"https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-mosquitto/mosquitto","events":[{"introduced":"0"},{"fixed":"18bad1ff32435e523d7507e9b2ce0010124a8f2d"}]},{"type":"GIT","repo":"https://github.com/eclipse/mosquitto","events":[{"introduced":"0"},{"last_affected":"c55424e8979c1fbc4a0a893f61f5b8f7e217f49d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.5"}]}}],"versions":["v1.4.1","v1.4.10","v1.4.11","v1.4.12","v1.4.13","v1.4.14","v1.4.15","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4.8","v1.4.9","v1.5","v1.6","v1.6.1","v1.6.10","v1.6.11","v1.6.12","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.9","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.5"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/eclipse-mosquitto/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d","target":{"file":"lib/packet_mosq.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2023-5632-2ab895b3","deprecated":false,"digest":{"line_hashes":["339340532613465271204693980858278238153","136292289744382020139876670180840970972","21869194843853891625861881781520145664","285141719073239596503475120037193743720"],"threshold":0.9}},{"source":"https://github.com/eclipse-mosquitto/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d","target":{"file":"lib/packet_mosq.c","function":"packet__write"},"signature_version":"v1","signature_type":"Function","id":"CVE-2023-5632-580bb959","deprecated":false,"digest":{"function_hash":"68487489615421562917012134159900078294","length":3121}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5632.json","vanir_signatures_modified":"2026-04-12T09:09:26Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}