DoS vulns in 3 open-source MQTT message brokers could leave users literally locked out of their homes or offices
2021-06-08 13:05

Synopsys Cybersecurity Research Centre has warned of easily triggered denial-of-service vulnerabilities in three popular open-source Internet of Things message brokers: RabbitMQ, EMQ X, and VerneMQ. The message brokers, responsible for handling data sent to or from IoT devices like smart home hubs and door locks, all share a common protocol: Message Queuing Telemetry Transport (MQTT), first released in 1999 for monitoring oil pipelines and since repurposed for a variety of home and industrial automation tasks.

Any disruption in MQTT messaging could potentially leave users locked out of their homes and offices.

A specially crafted MQTT message can fool any of the three message brokers affected by Knudsen's discovery into bloating its memory usage until the host operating system terminates it.

"CVE-2021-22116, CVE-2021-33175, and CVE-2021-33176 are denial of service vulnerabilities in three popular open source message brokers. They give attackers the opportunity to disable the message brokers, a denial-of-service attack that could have serious consequences."

While all are triggered by a malicious MQTT message, the message has to be written specifically for the target message broker.

Knudsen's research revealed three messages, each of which crashes a single message broker, but he reported no luck in finding a single message capable of crashing all three - a small comfort to beleaguered system administrators.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/08/mqtt_dos_vulnerabilities/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2021-06-08 | CVE-2021-33176 | Allocation of Resources Without Limits or Throttling vulnerability in Octavolabs Vernemq | 5.0
    VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs.
    network, low complexity, octavolabs, CWE-770

2021-06-08 | CVE-2021-33175 | Allocation of Resources Without Limits or Throttling vulnerability in Emqx EMQ X Broker | 5.0
    EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs.
    network, low complexity, emqx, CWE-770

2021-06-08 | CVE-2021-22116 | Improper Input Validation vulnerability in multiple products | 7.5
    RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint.
    network, low complexity, vmware, debian, CWE-20