CVE-2021-34432

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to crash Eclipse Mosquitto MQTT broker servers by sending a specially crafted PUBLISH packet with a zero-length topic. All systems running vulnerable versions of Mosquitto are affected, potentially causing denial of service.

💻 Affected Systems

Products:
  • Eclipse Mosquitto
Versions: All versions up to and including 2.0.7
Operating Systems: All platforms running Mosquitto
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations are vulnerable because this is a protocol parsing issue in the core broker.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage of the MQTT broker, disrupting all IoT/MQTT communications and potentially affecting downstream systems that depend on message delivery.

🟠

Likely Case

Service disruption requiring manual restart of the Mosquitto broker, causing temporary loss of message delivery and connectivity for connected clients.

🟢

If Mitigated

Minimal impact if proper network segmentation and monitoring are in place, with quick detection and restart capabilities.

🌐 Internet-Facing: HIGH - Internet-facing brokers are directly exposed to unauthenticated exploitation attempts from any source.
🏢 Internal Only: MEDIUM - Internal brokers are still vulnerable but attack surface is reduced to internal network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a single malformed MQTT packet, making it trivial to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.8 and later

Vendor Advisory: https://mosquitto.org/blog/2021/06/version-2-0-8-released/

Restart Required: Yes

Instructions:

1. Download Mosquitto 2.0.8 or later from official sources.
2. Stop the Mosquitto service.
3. Install the updated version.
4. Restart the Mosquitto service.

🔧 Temporary Workarounds

Network Filtering

Platforms: all

Use network firewalls or application gateways to filter MQTT traffic and block malformed packets.

Load Balancer/Proxy Protection

Platforms: all

Configure load balancers or reverse proxies to validate MQTT packets before forwarding to Mosquitto.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Mosquitto brokers from untrusted networks
  • Deploy monitoring and automated restart scripts to detect and recover from crashes

🔍 How to Verify

Check if Vulnerable:

Check the Mosquitto version with 'mosquitto -v' or examine the package version. If the version is 2.0.7 or earlier, the system is vulnerable.

Check Version:

mosquitto -v

Verify Fix Applied:

After patching, verify that the version is 2.0.8 or later and, if a safe testing environment is available, test with a controlled malformed packet.

📡 Detection & Monitoring

Log Indicators:

  • Mosquitto process crashes
  • Unexpected termination logs
  • Connection errors from clients after broker restart

Network Indicators:

  • MQTT PUBLISH packets with topic length field set to 0
  • Sudden drop in MQTT traffic followed by service restart
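To make the network indicator above concrete, here is an added detector (not from this page or the Mosquitto project) that walks a captured MQTT byte stream, decodes each control packet's fixed header and Remaining Length field, and flags PUBLISH packets whose two-byte topic length is zero; the sample packets are constructed for the demonstration.

```python
import struct

PUBLISH = 3  # MQTT control packet type for PUBLISH (high nibble of the first byte)


def decode_remaining_length(buf: bytes, pos: int):
    """Decode the MQTT variable-length 'Remaining Length' field starting at pos.
    Each byte carries 7 bits of value; bit 0x80 means another byte follows.
    Returns (value, position after the field). Raises ValueError if malformed."""
    value, multiplier = 0, 1
    for _ in range(4):  # the spec allows at most four encoded bytes
        if pos >= len(buf):
            raise ValueError("truncated remaining length")
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos
        multiplier *= 128
    raise ValueError("remaining length longer than 4 bytes")


def scan_mqtt_stream(data: bytes):
    """Walk one or more concatenated MQTT control packets and return the byte
    offsets of every PUBLISH whose topic length field is 0. The topic name is
    the first field of the PUBLISH variable header in both MQTT 3.1.1 and 5."""
    findings, pos = [], 0
    while pos < len(data):
        start = pos
        ptype = data[pos] >> 4
        remaining, pos = decode_remaining_length(data, pos + 1)
        body = data[pos:pos + remaining]
        if len(body) < remaining:
            raise ValueError(f"truncated packet at offset {start}")
        if ptype == PUBLISH:
            if len(body) < 2:
                raise ValueError(f"PUBLISH without topic length at offset {start}")
            topic_len = struct.unpack(">H", body[:2])[0]
            if topic_len == 0:
                findings.append(start)
        pos += remaining
    return findings


# Constructed sample packets (not captured traffic).
PINGREQ = bytes([0xC0, 0x00])
# PUBLISH, QoS 0: remaining length 16 = 2 + len("sensors/t1") + len("21.5")
BENIGN_PUBLISH = bytes([0x30, 0x10, 0x00, 0x0A]) + b"sensors/t1" + b"21.5"
# PUBLISH, QoS 0, topic length field 0x0000: the CVE-2021-34432 indicator
ZERO_TOPIC_PUBLISH = bytes([0x30, 0x03, 0x00, 0x00]) + b"x"
SAMPLE_STREAM = PINGREQ + BENIGN_PUBLISH + ZERO_TOPIC_PUBLISH
```

Running scan_mqtt_stream(SAMPLE_STREAM) returns [20], the offset of the third packet; the benign PUBLISH and the PINGREQ are not reported.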

SIEM Query:

source="mosquitto.log" AND ("crash" OR "segmentation fault" OR "terminated unexpectedly")
