The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-04T20:16:26
Updated: 2024-08-04T12:32:13.091Z
Reserved: 2020-06-04T00:00:00
Link: CVE-2020-13849
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-06-04T21:15:11.547
Modified: 2020-06-10T18:18:39.287
Link: CVE-2020-13849
Redhat
No data.